From 36285e90df49466b09d11147424da061b9fc8025 Mon Sep 17 00:00:00 2001 From: Daniela Miao <2438477+danielamiao@users.noreply.github.com> Date: Mon, 13 Nov 2023 14:29:31 -0800 Subject: [PATCH] chore: rename auth token to api key in docs --- DEPLOYMENT.md | 12 ++++++------ README.md | 16 ++++++++-------- README.template.md | 16 ++++++++-------- infrastructure/lib/infrastructure-stack.ts | 2 +- .../clients/momento-refresh/refresh-manager.ts | 4 ++-- lambda/src/process-token-refresh.ts | 4 ++-- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md index fb3a61a..f78a8b3 100644 --- a/DEPLOYMENT.md +++ b/DEPLOYMENT.md @@ -9,7 +9,7 @@ - [Node.js®](https://nodejs.org/) v16+ - [Node Package Manager (npm)](https://www.npmjs.com/) -- A Momento auth token JSON file created in the [Momento console](https://console.gomomento.com/tokens) +- A Momento api key JSON file created in the [Momento console](https://console.gomomento.com/tokens) - AWS [command line tools](https://aws.amazon.com/cli/) ## How to update Momento Javascript SDK @@ -30,14 +30,14 @@ AWS_PROFILE= ./scripts/deploy.sh Below is a list of optional environment variables you can pass in to deploy.sh: -- `AUTO_ROTATION_IN_DAYS:` override the schedule (in days) in which the auth token will be refreshed. **Default:** 1 day +- `AUTO_ROTATION_IN_DAYS:` override the schedule (in days) in which the api key will be refreshed. **Default:** 1 day - `KMS_KEY_ARN`: override if you want to use your own KMS key to encrypt your secret in Secrets Manager. **Default:** `null` -- `MOMENTO_AUTH_TOKEN_SECRET_NAME`: override the name of the Secret created by the stack to store your auth token, multiple names can be added here separated by commas, this will allow the lambda to rotate multiple secrets. **Default:** `momento/authentication-token` **Example** `momento/auth-token-0,momento/auth-token-1` -- `SKIP_TEST_STEP_ENV_KEY_VALUE`: override if you want to skip the auth token testing, this will also disable CloudWatch Metrics. **Default:** `false` +- `MOMENTO_AUTH_TOKEN_SECRET_NAME`: override the name of the Secret created by the stack to store your api key, multiple names can be added here separated by commas, this will allow the lambda to rotate multiple secrets. **Default:** `momento/authentication-token` **Example** `momento/auth-token-0,momento/auth-token-1` +- `SKIP_TEST_STEP_ENV_KEY_VALUE`: override if you want to skip the api key testing, this will also disable CloudWatch Metrics. **Default:** `false` Test environment variables -- `USE_STUB_KEY_VALUE`: override if you would like to stub out client responses, this is for testing purposes and no auth token will be refreshed while this is `true`. **Default:** `false` +- `USE_STUB_KEY_VALUE`: override if you would like to stub out client responses, this is for testing purposes and no api key will be refreshed while this is `true`. **Default:** `false` - `MOCK_TOKEN_ENV_KEY_VALUE`: override if you would like to return a different mocked response from Secrets Manager for `getSecret` calls, requires `USE_STUB_KEY_VALUE` to be `true`. **Default:** `{}` - `MOCK_TOKEN_STATUS_ENV_KEY_VALUE`: override if you would like to return a different mocked response for token status, this is to test cloudwatch Metrics, requires `USE_STUB_KEY_VALUE` to be `true`. **Default:** `[['AWSCURRENT', TokenStatus.VALID], ['AWSPENDING', TokenStatus.VALID]]` @@ -45,7 +45,7 @@ Upon completion of deployment, your secrets will be created in AWS Secret Manage For more info on what needs to be stored and where to get the token, checkout the [README](./README.md) `Prerequisites` section. -The JSON Auth Token file can then be used to create a secret in AWS secret manager, like so +The JSON api key file can then be used to create a secret in AWS secret manager, like so ```shell aws secretsmanager create-secret --name "momento/authentication-token" --secret-string file://momento_token_info.json diff --git a/README.md b/README.md index 354b880..e63374a 100644 --- a/README.md +++ b/README.md @@ -4,16 +4,16 @@ [![project stability](https://momentohq.github.io/standards-and-practices/badges/project-stability-alpha.svg)](https://github.com/momentohq/standards-and-practices/blob/main/docs/momento-on-github.md) -# Momento auth token refresh using an AWS Lambda function +# Momento api key refresh using an AWS Lambda function This repo provides an example solution to manage and auto-refresh Momento authentication tokens for best security practices. This is done via a Node.js® 16 function deployed to AWS Lambda in your AWS account. ## Prerequisites 1. An AWS account with a role which can run AWS CDK -2. A Momento auth token downloaded from the [Momento console](https://console.gomomento.com/tokens) to a JSON file. +2. A Momento api key downloaded from the [Momento console](https://console.gomomento.com/tokens) to a JSON file. -If you need a Momento auth token, [log into the Momento console](https://console.gomomento.com/tokens) and generate one using the UI. +If you need a Momento api key, [log into the Momento console](https://console.gomomento.com/tokens) and generate one using the UI. Instructions on how to generate your token can be found [in our public docs](https://docs.momentohq.com/getting-started#step-2-create-an-authentication-token-in-the-momento-console). @@ -21,7 +21,7 @@ The generated result should be downloaded as a JSON file for safe keeping, named ```json { - "authToken": "", + "apiKey": "", "refreshToken": "", "validUntil": "" } @@ -29,7 +29,7 @@ The generated result should be downloaded as a JSON file for safe keeping, named ## Deploying the Lambda function to an AWS account -Using the command line; deploy the function, IAM role, auth token, etc., via CLI, with the following instructions: +Using the command line; deploy the function, IAM role, api key, etc., via CLI, with the following instructions: [DEPLOYMENT](./DEPLOYMENT.md) @@ -45,16 +45,16 @@ With the Lambda function in this repo deployed, you can manually invoke the Lamb If you've overriden the default secret name, then replace `momento/authentication-token` with your custom name. -## Retrieving auth token from secret manager +## Retrieving api key from secret manager -Your application simply needs to retrieve the newly-generated secret from AWS Secrets Manager. The secret name (unless overwritten) is `momento/authentication-token`, the token is stored in three key value parts, authToken, refreshToken, and validUntil. +Your application simply needs to retrieve the newly-generated secret from AWS Secrets Manager. The secret name (unless overwritten) is `momento/authentication-token`, the token is stored in three key value parts, apiKey, refreshToken, and validUntil. Example using the AWS CLI and `jq`: ```shell aws secretsmanager get-secret-value --secret-id "momento/authentication-token" | jq '.SecretString | fromjson' { - "authToken": "", + "apiKey": "", "refreshToken": "", "validUntil": "" } diff --git a/README.template.md b/README.template.md index fcd8994..97be099 100644 --- a/README.template.md +++ b/README.template.md @@ -1,15 +1,15 @@ {{ ossHeader }} -# Momento auth token refresh using an AWS Lambda function +# Momento api key refresh using an AWS Lambda function This repo provides an example solution to manage and auto-refresh Momento authentication tokens for best security practices. This is done via a Node.js® 16 function deployed to AWS Lambda in your AWS account. ## Prerequisites 1. An AWS account with a role which can run AWS CDK -2. A Momento auth token downloaded from the [Momento console](https://console.gomomento.com/tokens) to a JSON file. +2. A Momento api key downloaded from the [Momento console](https://console.gomomento.com/tokens) to a JSON file. -If you need a Momento auth token, [log into the Momento console](https://console.gomomento.com/tokens) and generate one using the UI. +If you need a Momento api key, [log into the Momento console](https://console.gomomento.com/tokens) and generate one using the UI. Instructions on how to generate your token can be found [in our public docs](https://docs.momentohq.com/getting-started#step-2-create-an-authentication-token-in-the-momento-console). @@ -17,7 +17,7 @@ The generated result should be downloaded as a JSON file for safe keeping, named ```json { - "authToken": "", + "apiKey": "", "refreshToken": "", "validUntil": "" } @@ -25,7 +25,7 @@ The generated result should be downloaded as a JSON file for safe keeping, named ## Deploying the Lambda function to an AWS account -Using the command line; deploy the function, IAM role, auth token, etc., via CLI, with the following instructions: +Using the command line; deploy the function, IAM role, api key, etc., via CLI, with the following instructions: [DEPLOYMENT](./DEPLOYMENT.md) @@ -41,16 +41,16 @@ With the Lambda function in this repo deployed, you can manually invoke the Lamb If you've overriden the default secret name, then replace `momento/authentication-token` with your custom name. -## Retrieving auth token from secret manager +## Retrieving api key from secret manager -Your application simply needs to retrieve the newly-generated secret from AWS Secrets Manager. The secret name (unless overwritten) is `momento/authentication-token`, the token is stored in three key value parts, authToken, refreshToken, and validUntil. +Your application simply needs to retrieve the newly-generated secret from AWS Secrets Manager. The secret name (unless overwritten) is `momento/authentication-token`, the token is stored in three key value parts, apiKey, refreshToken, and validUntil. Example using the AWS CLI and `jq`: ```shell aws secretsmanager get-secret-value --secret-id "momento/authentication-token" | jq '.SecretString | fromjson' { - "authToken": "", + "apiKey": "", "refreshToken": "", "validUntil": "" } diff --git a/infrastructure/lib/infrastructure-stack.ts b/infrastructure/lib/infrastructure-stack.ts index 4dcf2be..46fc63f 100644 --- a/infrastructure/lib/infrastructure-stack.ts +++ b/infrastructure/lib/infrastructure-stack.ts @@ -15,7 +15,7 @@ import {NodejsFunction} from 'aws-cdk-lib/aws-lambda-nodejs'; import path = require('path'); interface AuthTokenOptions { - // The name you would like to give to the Secret containing your Momento auth token, + // The name you would like to give to the Secret containing your Momento api key, // multiple secrets can be refreshed by adding a comma spliced list momentoAuthTokenSecretName?: string[]; // Override this if you wish to change when the secret is automatically rotated. diff --git a/lambda/src/clients/momento-refresh/refresh-manager.ts b/lambda/src/clients/momento-refresh/refresh-manager.ts index 5c727e3..542bd02 100644 --- a/lambda/src/clients/momento-refresh/refresh-manager.ts +++ b/lambda/src/clients/momento-refresh/refresh-manager.ts @@ -49,7 +49,7 @@ export class MomentoRefreshManager implements MomentoRefresh { if (listResponse instanceof ListCaches.Error) { if (this.invalidAuthTokenResponse.includes(listResponse.errorCode())) { console.warn( - `Invalid auth token for stage ${ + `Invalid api key for stage ${ versionStage ? versionStage : 'undefined' }, client error code: ${listResponse.errorCode()}` ); @@ -57,7 +57,7 @@ export class MomentoRefreshManager implements MomentoRefresh { } else { // This is best effort, if we get an error other then an authentication error, we can just move on console.warn( - `Failed to test auth token, client error code: ${listResponse.errorCode()}` + `Failed to test api key, client error code: ${listResponse.errorCode()}` ); return TokenStatus.NOT_TESTED; } diff --git a/lambda/src/process-token-refresh.ts b/lambda/src/process-token-refresh.ts index 82d08c2..b025025 100644 --- a/lambda/src/process-token-refresh.ts +++ b/lambda/src/process-token-refresh.ts @@ -157,7 +157,7 @@ export class ProcessTokenRefresh { switch (pendingTokenStatus) { case TokenStatus.VALID: - console.log('Valid auth token, nothing else to do.'); + console.log('Valid api key, nothing else to do.'); break; case TokenStatus.INVALID: { @@ -183,7 +183,7 @@ export class ProcessTokenRefresh { SECRET_CURRENT ); Common.logAndThrow( - `Failed to refresh auth token for secret, ${secretId}` + `Failed to refresh api key for secret, ${secretId}` ); } }