Key store for github apps written in go
This collection of software manages RSA keys and access tokens for github applications. There are three pieces of software meant to be used directly:
- gh-keystore-admin is a command line tool for managing application RSA keys stored in s3.
- lambda/getappjwt is an AWS lambda function that can sign claims for a JSON Web Token using RSA keys stored in S3.
- lambda/getinstalltoken is an AWS lambda function that fetches and caches installation access tokens using S3 for storage. It itself invokes lambda/getappjwt.
Notes on the remaining modules are below:
- appkeystore: Logic for managing application RSA keys stored in a messagestore
- keyservice: Interface definitions for managing and using application keys
- keyutils: Shared functions for RSA keys
- kslog: Logging interface; can wrap both log.Logger and testing.T
- lambdacall: Call services which are lambda functions
- messagestore: A store for protocol buffer messages
- s3store: A messagestore using S3
- timeutils: Shared time functions
- tokenservice: Interface for accessing tokens
- tokenstore Logic for managing a token store
If there is a burst of token requests for the same installation token and a valid one is not already cached, several tokens may be requested from github each subtracting from your quota total.
Multiple writes to the keystore may leave it it inconsistent because S3 itself offers no consistency guarantee for updates. An improved implementation could store canonical data to dynamodb and have a read-only version in S3.