```
ruleset io.picolabs.use_twilio_v2 {
  meta {
    key twilio {
          "account_sid": "<your SID goes here>",
          "auth_token" : "<your auth token goes here>"
    }
    use module io.picolabs.twilio_v2 alias twilio
        with account_sid = keys:twilio("account_sid")
             auth_token =  keys:twilio("auth_token")
  }

  rule test_send_sms {
    select when test new_message
    twilio:send_sms(event:attr("to"),
                    event:attr("from"),
                    event:attr("message")
                   )
  }
}
```

## outline

...

In this example, we've used the key pragma to declare the Twilio keys. Those keys are included in the use pragma that uses the Twilio module. By putting the keys in a key pragma, we tell the KRL parser and interpreter that they are keys so that they can take greater care with them. For example, they could be automatically redacted when shared.

Security Warning

Don't put keys in rulesets that are publicly hosted, on GitHub, for example. Any ruleset containing keys must be carefully stored so that only authorized parties can see them.

But putting the keys in the ruleset means that it can't be publicly hosted, and we have to take special care to ensure the keys aren't exposed. Consequently, best practice is to store keys in a module specifically designed for keys. That way, you only have to be careful with the modules you know contain keys.

We can do this by defining a keys module that only contains keys. The provides keys pragma limits which keys are shared with which module for security. 

```
ruleset io.picolabs.twilio_keys {
  meta {
    key twilio {
          "account_sid": "<your account SID here>",
          "auth_token" : "<your auth token here>"
    }
    // Share the twilio keys only with the ruleset named here
    provide keys twilio to io.picolabs.use_twilio_v2
  }
}
```

We modify the preceding ruleset, the one that uses the keys, to load this keys ruleset as a module like so:

```
ruleset io.picolabs.use_twilio_v2 {
  meta {
    use module io.picolabs.twilio_keys
    use module io.picolabs.twilio_v2 alias twilio
        with account_sid = keys:twilio("account_sid")
             auth_token =  keys:twilio("auth_token")
  }

  rule test_send_sms {
    select when test new_message
    twilio:send_sms(event:attr("to"),
                    event:attr("from"),
                    event:attr("message")
                   )
  }
}
```

For this to work, the module containing the keys must be registered as io.picolabs.twilio_keys because that's the name of the module we load. The ruleset using the keys must be registered as io.picolabs.use_twilio_v2 since that's the name of the ruleset the keys are provided to in the provide keys pragma. You can store the ruleset containing the keys on AWS S3 behind a private URL, on a Web server with Basic Auth, or using some other scheme that will protect it from viewing by people who would steal the keys. The ruleset using the keys can be stored at a public URL.
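A pre-publish check for the arrangement described above, written in Python as an added example (it is not part of the original lesson or of the pico engine). It reads KRL source with regular expressions rather than a real parser, accepts both singular and plural spellings of the key and provide keys pragmas and comma-separated names as assumptions, and uses constructed ruleset names and key values.

```python
import re

# Constructed sample sources (not from the page); names and values are made up.
KEYS_MODULE = '''ruleset example.sms_keys {
  meta {
    key twilio { "account_sid": "ACconstructed0000", "auth_token": "constructed-token" }
    provide keys twilio to example.send_sms
  }
}'''
CONSUMER = '''ruleset example.send_sms {
  meta { use module example.sms_keys }
  rule test_send_sms { select when test new_message }
}'''

KEY_BLOCK = re.compile(r'\bkeys?\s+(\w+)\s*\{(.*?)\}', re.S)
PAIR = re.compile(r'"(\w+)"\s*:\s*"([^"]*)"')
PROVIDE = re.compile(r'\bprovides?\s+keys\s+([\w, ]+?)\s+to\s+([\w., ]+)')

def parse(src):
    """Pull out the ruleset name, literal key fields, key grants, loaded modules and rules."""
    placeholder = lambda v: not v or (v.startswith('<') and v.endswith('>'))
    grants = {}
    for names, rids in PROVIDE.findall(src):
        for name in re.findall(r'\w+', names):
            grants.setdefault(name, set()).update(re.findall(r'[\w.]+', rids))
    return {
        'rid': re.search(r'\bruleset\s+([\w.]+)', src).group(1),
        'literal': [(k, f) for k, body in KEY_BLOCK.findall(src)
                    for f, v in PAIR.findall(body) if not placeholder(v)],
        'grants': grants,
        'uses': re.findall(r'\buse\s+module\s+([\w.]+)', src),
        'has_rules': bool(re.search(r'\brule\s+\w+', src)),
    }

def audit(keys_src, public_src):
    """Findings for a privately hosted keys module and the public ruleset that loads it."""
    k, p = parse(keys_src), parse(public_src)
    out = []
    if p['literal']:  # report key and field names only, never the secret values
        out.append(f"{p['rid']}: holds literal values for {p['literal']}; do not host it publicly")
    if k['has_rules']:
        out.append(f"{k['rid']}: keys module also contains rules")
    if k['rid'] not in p['uses']:
        out.append(f"{p['rid']}: does not load {k['rid']}")
    out += [f"{k['rid']}: key {n} is not provided to {p['rid']}"
            for n, rids in sorted(k['grants'].items()) if p['rid'] not in rids]
    return out
```

An empty list from `audit(KEYS_MODULE, CONSUMER)` means the names line up and the ruleset intended for a public URL carries no key values.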

Conclusion

We now have a Twilio module that wraps the Twilio API in functions and actions that are more convenient for KRL rulesets to use. We've also taken steps to protect sensitive keys while making their use convenient.