I am guessing you are using a ‘file’ resource to write /var/.chef/key.pem, and using data_bag_item(…) to read the data bag.
If so, the file resource is being executed at ‘converge’ time, whereas the data_bag_item call is happening at ‘compile’ time, before the key file has been written.
You can force the file resource to execute in the compile phase with something like:
file '/var/.chef/key.pem' do
action :nothing
end.run_action(:create)
If this isn’t the problem, can you share some relevant bits of your recipe?