...
```
ruleset io.picolabs.use_twilio_v2 {
  meta {
    key twilio {
      "account_sid": "<your SID goes here>",
      "auth_token" : "<your auth token goes here>"
    }
    use module io.picolabs.twilio_v2 alias twilio
      with account_sid = keys:twilio("account_sid")
           auth_token = keys:twilio("auth_token")
  }
  rule test_send_sms {
    select when test new_message
    twilio:send_sms(event:attr("to"),
                    event:attr("from"),
                    event:attr("message")
                   )
  }
}
```
## outline
...
In this example, we've used the `key` pragma to declare the Twilio keys. Those keys are passed to the Twilio module in the `use` pragma that loads it. By putting the keys in a `key` pragma, we tell the KRL parser and interpreter that these values are keys, so that they can be handled with greater care. For example, they could be automatically redacted when shared.
Warning: Don't put keys in rulesets that are publicly hosted, on GitHub, for example. Any ruleset containing keys must be carefully stored so that only authorized parties can see them.
But putting the keys in the ruleset means that it can't be publicly hosted, and we have to take special care to ensure the keys aren't exposed. Consequently, best practice is to store keys in a module specifically designed for keys. That way, you only have to be careful with the modules that you know contain keys.
We can do this by defining a keys module that contains only keys. For security, the `provide keys` pragma limits which keys are shared with which module.
```
ruleset io.picolabs.lesson_keys {
  meta {
    key twilio {
      "account_sid": "<your account SID here>",
      "auth_token" : "<your auth token here>"
    }
    provide keys twilio to io.picolabs.use_twilio_v2
  }
}
```
We modify the preceding ruleset using the keys to load this ruleset as a module like so:
```
ruleset io.picolabs.use_twilio_v2 {
  meta {
    use module io.picolabs.twilio_keys
    use module io.picolabs.twilio_v2 alias twilio
      with account_sid = keys:twilio("account_sid")
           auth_token = keys:twilio("auth_token")
  }
  rule test_send_sms {
    select when test new_message
    twilio:send_sms(event:attr("to"),
                    event:attr("from"),
                    event:attr("message")
                   )
  }
}
```
For this to work, the module containing the keys must be registered as `io.picolabs.twilio_keys` because that's the name of the module we load. The ruleset using the keys must be registered as `io.picolabs.use_twilio_v2` since that's the name of the ruleset the keys are provided to in the `provide keys` pragma. You can store the ruleset containing the keys on AWS S3 behind a private URL, on a Web server with Basic Auth, or using some other scheme that will protect it from viewing by people who would steal the keys. The ruleset using the keys can be stored at a public URL.
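A check to run before hosting a ruleset at a public URL, added here as an example and not part of the original lesson or of any KRL tooling: it scans ruleset source for map-style `key` pragmas that hold literal values, flags keys declared alongside rules, and lists `provide keys` grants for review. The regular expressions, the `audit` function and the sample values are assumptions made for this illustration.

```python
import re

RULESET = re.compile(r'\bruleset\s+([\w.]+)\s*\{')
KEY = re.compile(r'\bkey\s+(\w+)\s*\{(.*?)\}', re.S)  # map-style key pragma
PAIR = re.compile(r'"([^"]+)"\s*:\s*"([^"]*)"')
GRANT = re.compile(r'\bprovide\s+keys\s+(\w+)\s+to\s+([\w.]+)')
RULE = re.compile(r'\brule\s+\w+\s*\{')

def audit(source):
    """Return (rid, findings, grants) for one KRL ruleset source."""
    m = RULESET.search(source)
    rid = m.group(1) if m else "?"
    findings = []
    keys = KEY.findall(source)
    for name, body in keys:
        for field, value in PAIR.findall(body):
            # Assumption: a "<...>" value is an unfilled template placeholder.
            if value and not (value.startswith("<") and value.endswith(">")):
                findings.append(f"{rid}: {name}.{field} is a literal secret")
    if keys and RULE.search(source):
        findings.append(f"{rid}: keys declared next to rules")
    return rid, findings, GRANT.findall(source)

# Constructed samples modelled on the rulesets above; the values are fake.
KEYS_ONLY = '''ruleset io.picolabs.lesson_keys {
  meta {
    key twilio {
      "account_sid": "EXAMPLE-SID",
      "auth_token" : "EXAMPLE-TOKEN"
    }
    provide keys twilio to io.picolabs.use_twilio_v2
  }
}'''
CONSUMER = '''ruleset io.picolabs.use_twilio_v2 {
  meta {
    use module io.picolabs.twilio_keys
    use module io.picolabs.twilio_v2 alias twilio
      with account_sid = keys:twilio("account_sid")
           auth_token = keys:twilio("auth_token")
  }
  rule test_send_sms {
    select when test new_message
    twilio:send_sms(event:attr("to"), event:attr("from"), event:attr("message"))
  }
}'''

if __name__ == "__main__":
    for src in (KEYS_ONLY, CONSUMER):
        print(audit(src))
```

A ruleset with an empty findings list, such as the consumer ruleset here, carries no key material and can be hosted publicly; any ruleset with findings belongs in private storage.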
## Conclusion
We now have a Twilio module that wraps the Twilio API in functions and actions that are more convenient for KRL rulesets to use. We've also taken steps to protect sensitive keys while making their use convenient.