Securely sharing confidential information between team members is one of the critical tasks we have to perform during our day-to-day life.
There are platforms we can use to share passwords or sensitive data, such as onetimesecret.com and scrt.link. Primarily they provide a one-time link to access your secret. The link stops working once the secret has been accessed.
In this article, I’ll be illustrating how we can implement a similar application via the AWS Serverless ecosystem.
As shown in the diagram above, the web application is hosted in AWS Amplify. It allows users to store and read their secrets.
The web application is backed by two Lambda functions, which handle the database operations. (For demo purposes I have exposed them through Lambda function URLs.)
The data is stored in DynamoDB.
Add a Secret
Adding a secret has three steps,
- Enter the Message.
- Enter a secret key to protect your message.
- Select the expiration time for the secret.
After submission, the web application invokes a Lambda function URL to insert the data into DynamoDB.
Read a Secret
- Access the shared link
- Enter the provided Secret Key
- Your secret will be displayed.
After a successful retrieval, the secret is deleted from the database immediately.
Workflow
The DynamoDB table has four attributes: SecretID (partition key), ExpirationTime (sort key), Message, and SecretKey.
TTL is enabled on the ExpirationTime attribute. DynamoDB deletes the record once it reaches the TTL value, and this operation doesn't consume write capacity. However, DynamoDB TTL is not real-time: it can take 24H-48H to remove a record from the table. The Lambda that reads the data therefore validates whether the requested secret has expired before returning it.
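The following is an added example (not the code from this project) that implements both the "Add a Secret" and "Read a Secret" flows described above in plain Python. It assumes the same attribute names as the table (SecretID, ExpirationTime, Message) and replaces DynamoDB with a constructed in-memory dictionary so it runs offline; a real Lambda would call boto3's put_item/get_item/delete_item instead. It goes slightly beyond the post in one respect: instead of storing SecretKey in the clear, it stores a salted PBKDF2 hash (attributes `Salt` and `KeyHash` are my names) and compares it in constant time. The read path enforces ExpirationTime itself, because DynamoDB TTL deletion can lag by up to 48 hours, and deletes the record before returning the message so it can only be served once.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed in-memory stand-in for the DynamoDB table, keyed by SecretID.
# Assumption: a real deployment swaps this for boto3 Table operations.
TABLE: dict = {}


def _hash_key(secret_key: str, salt: bytes) -> bytes:
    # Hash the user's secret key so the table never holds it in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret_key.encode(), salt, 100_000)


def add_secret(message: str, secret_key: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Store a message protected by secret_key; returns the SecretID used in the share link."""
    now = time.time() if now is None else now
    secret_id = secrets.token_urlsafe(16)      # unguessable link identifier
    salt = os.urandom(16)
    TABLE[secret_id] = {
        "SecretID": secret_id,
        "ExpirationTime": int(now) + ttl_seconds,  # epoch seconds, the TTL attribute
        "Message": message,
        "Salt": salt,
        "KeyHash": _hash_key(secret_key, salt),
    }
    return secret_id


def read_secret(secret_id: str, secret_key: str, now: Optional[float] = None) -> Optional[str]:
    """Return the message once, or None if it is missing, expired, or the key is wrong."""
    now = time.time() if now is None else now
    item = TABLE.get(secret_id)
    if item is None:
        return None
    # DynamoDB TTL is not real-time, so expiry is enforced here as well.
    if now >= item["ExpirationTime"]:
        TABLE.pop(secret_id, None)
        return None
    # Constant-time comparison of the hashed key; a wrong key leaves the record in place.
    if not hmac.compare_digest(_hash_key(secret_key, item["Salt"]), item["KeyHash"]):
        return None
    # Successful retrieval: delete first so the secret is served exactly once.
    TABLE.pop(secret_id, None)
    return item["Message"]


if __name__ == "__main__":
    sid = add_secret("db password: example", "correct horse", ttl_seconds=3600)
    print(read_secret(sid, "wrong key"))       # None
    print(read_secret(sid, "correct horse"))   # the message
    print(read_secret(sid, "correct horse"))   # None, already consumed
```

The `now` parameter exists only to make expiry testable; in a Lambda handler the current time is used. When porting to DynamoDB, do the delete with a condition expression on SecretID so that two concurrent reads of the same link cannot both succeed.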
Demo
URL : https://secretshare.forexample.link