Many cloud services require keys of one sort or another to authenticate and authorize access. Some of these use standardized authorization systems like OAuth and others use custom developer key schemes. Managing and using keys inside rulesets is a critical feature in KRL.
One of the primary reasons for having explicit support for keys in KRL is to promote code sharing. When you share a ruleset with others, you’d rather not have your keys—vital secrets—exposed. Redacting them each time you share the ruleset is a hassle. By explicitly supporting keys in the language, KRL can automatically redact keys.
Keys are declared in the
meta section of the ruleset using the
key pragma like so:
This creates a key called
errorstack with the value shown. Many times, there is more than one key that a service needs. You can also supply a map of name-value pairs for the key values:
This creates a key named
Some libraries (like the twitter library) require keys that have specific names and values. When you aren’t working with a library that has specific requirements, you will likely need to access the keys to send them to the cloud service you’re working with. You can access keys stored in the meta section from within KRL expressions using the following syntax:
<keyname> is the name given after the keyword key in the
meta section. The
<name> is optional. If it’s missing the entire value is returned. If it’s present, just the value associated with
<name> in the map is returned (assuming the value is a map).
The following KRL declaration would bind the entire map associate with the twitter key to the variable
On the other hand, the following KRL declaration would only bind the value associated with the name
consumer_secret to the variable
KRL provides a mechanism for storing keys in modules that can only be accessed by named rulesets. A key module uses the pragma
provide keys to specify which previously defined keys should be made available. For example, is rulesets
b16x77 require the use of a set of Dropbox keys, the following module could provide those keys specifically to the named rulesets:
The rulesets using the keys would load this module as usual and use the keys it provides as usual:
This example loads the keys in module
b16x5 and then uses them to configure module
When using key modules as shown above, you will need your key rulesets to be available on a URL so that you can register them with the rules engine. Otherwise they will not be available for use by other rulesets. The URL should be protected so that it is not publicly viewable. For example, the ruleset could be on a WebDAV server with an appropriately formatted BASIC AUTH URL or in a private Github repository.