Skip to content

Example Typescript Nodejs lambda that demonstrates how to auto-refresh your Momento authentication token

License

Notifications You must be signed in to change notification settings

momentohq/api-key-refresh-lambda

Repository files navigation

logo

project status project stability

Momento api key refresh using an AWS Lambda function

This repo provides an example solution to manage and auto-refresh Momento authentication tokens for best security practices. This is done via a Node.js® 16 function deployed to AWS Lambda in your AWS account.

Prerequisites

  1. An AWS account with a role which can run AWS CDK
  2. A Momento api key downloaded from the Momento console to a JSON file.

If you need a Momento api key, log into the Momento console and generate one using the UI.

Instructions on how to generate your token can be found in our public docs.

The generated result should be downloaded as a JSON file for safe keeping, named momento_token.info.json. Open this fil The contents of the downloaded JSON file will look like:

{
  "apiKey": "<jwt api key>",
  "refreshToken": "<refresh token>",
  "validUntil": "<epoch timestamp when token expires>"
}

Deploying the Lambda function to an AWS account

Using the command line; deploy the function, IAM role, api key, etc., via CLI, with the following instructions:

DEPLOYMENT

Manual rotation

With the Lambda function in this repo deployed, you can manually invoke the Lambda function to rotate a secret for you. Simply send an event with the following properties:

{
  "momento_auth_token_secret_name": "momento/authentication-token"
}

If you've overriden the default secret name, then replace momento/authentication-token with your custom name.

Retrieving api key from secret manager

Your application simply needs to retrieve the newly-generated secret from AWS Secrets Manager. The secret name (unless overwritten) is momento/authentication-token, the token is stored in three key value parts, apiKey, refreshToken, and validUntil.

Example using the AWS CLI and jq:

aws secretsmanager get-secret-value --secret-id "momento/authentication-token" | jq '.SecretString | fromjson'
{
  "apiKey": "<jwt api key>",
  "refreshToken": "<refresh token>",
  "validUntil": "<epoch timestamp when token expires>"
}

For more info, visit our website at https://gomomento.com!

About

Example Typescript Nodejs lambda that demonstrates how to auto-refresh your Momento authentication token

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published