Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Making data bag entries the "last mile" of attribute overrides.

What's it do?

This cookbook allows attributes to be provided via data bag entries. It slips functionality into recipes seamlessly to provide consistent functionality across all recipes, not just those explicitly built for it.


Basic Usage

Access attributes the same way as always:

  • node[:my_cookbook][:my_attribute]

Naming scheme

Data bags

The name of the data bag used will correspond to the name of the base attribute key used within a cookbook. For example, the base attribute key for the munin cookbook is munin thus the data bag name used will be munin. However, the chef-client cookbook uses the base attribute key of chef_client so the data bag name it uses will be chef_client.

The naming of the data bag entries are based on the node name with a config_ prefix. Given a node named lucid, the data bag entry id would be config_lucid. Periods are replaced with underscores within the node name for generating the data bag entry name. Thus, a node named would have a data bag entry id of config_lucid_example_com.

Quick Ref:

cookbook: chef-client
base key: chef_client
node name:
data bag name: chef_client
data bag entry id: config_test1_box

Advanced Usage

Custom Data Bag

Example: Use the myconfig data bag to supply configuration entries for the nagios attribute:

  • node[:bag_config][:nagios] = {:bag => :myconfig}

Custom Data Bag Entry

Example: Use custom_config data bag entry id under the nagios base attribute key:

  • node[:bag_config][:nagios] = {:item => 'custom_config'}

Encrypted Data Bag Entry

Encrypted data bags are supported when the encrypted attribute is set:

  • `node[:bag_config][:nagios] = {:encrypted => true}

This will require the secret being provided either inline:

  • node[:bag_config][:nagios] = {:secret => 'my_secret'}

or as a path to the secret file on the node:

  • node[:bag_config][:nagios] = {:secret => '/etc/config_secret.file'}

Allowing/Restricting lookups

By default, the every base attribute key used will invoke an attempt to load a configuration data bag item related to that key. To help reduce the number of lookups required on a run, whitelisting and blacklisting on keys is available:

  • node[:bag_config][:bag_whitelist] = [:nagios, :djbdns]
  • node[:bag_config][:bag_blacklist] = [:nginx, :apache]

NOTE: The blacklist will always have precedence. This means that if an item has been specified in the whitelist and is also found in the blacklist, it will be blacklisted.

Compatibility Note

This version is incompatible with the 1.x versions. It removes all custom methods from Recipe instances and instead proxies the attribute requests via the node, so no modifications are required for full support.


Making data bag entries the last attribute mile






No releases published


No packages published