
Side-Tracked

posted Jul 6, 2008, 1:39 AM by Brian Tanner
The codebase required a minor design update.  The problem with the current implementation is that the code is required to have the Amazon Web Service (AWS) secret key embedded in it so that it can interact with SQS and S3 to create queues, upload files, etc.

I want to make the software such that I can distribute it to people I don't trust, so it's important to get that secret key out of the source code. The trick is to create a secondary authentication system (SAS) that has accounts for the people who are going to use the record book. This secondary authentication system runs on a private system under our control, and that system knows the secret key. Now, you log in to the software when you start it up, and the software will talk to SAS to get the signatures it needs to talk to AWS. It's slightly roundabout, but it gives us fine-grained control over the users and is the *right thing* to do. It's almost done.
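
A sketch of the signing-service idea described above, as an added example rather than the project's own code: the SAS authenticates the user, checks the request against that user's policy, and only then signs a string it builds itself, so it never acts as a general-purpose signing oracle. The account data, key, host name, function names and the simplified HMAC string-to-sign layout are all assumptions made for illustration, not a complete AWS signature implementation.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qsl, quote

AWS_SECRET_KEY = b"constructed-example-secret"  # constructed; exists only on the SAS host
SALT = b"constructed-salt"                      # constructed; use a per-user random salt in practice

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed SAS account: which SQS actions and queue paths this user may have signed.
USERS = {"alice": {"pw": pw_hash("alice-pass"),
                   "actions": {"SendMessage", "ReceiveMessage"},
                   "queue_prefix": "/recordbook-alice-"}}
SESSIONS = {}  # session token -> username

def login(user, password):
    """Check SAS credentials; return a random session token, or None on failure."""
    acct = USERS.get(user)
    if acct is None or not hmac.compare_digest(acct["pw"], pw_hash(password)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token

def sign_request(token, method, host, path, query):
    """Return a base64 HMAC-SHA256 signature, or None if the request is refused."""
    user = SESSIONS.get(token)
    if user is None:
        return None
    acct = USERS[user]
    pairs = parse_qsl(query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):                 # duplicate parameter: ambiguous, refuse
        return None
    if params.get("Action") not in acct["actions"]:
        return None
    if ".." in path or not path.startswith(acct["queue_prefix"]):
        return None
    # Sign a string rebuilt from the parsed fields, so what is signed is what was checked.
    canonical = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                         for k, v in sorted(params.items()))
    string_to_sign = "\n".join([method, host.lower(), path, canonical])
    mac = hmac.new(AWS_SECRET_KEY, string_to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()
```

The client keeps only its SAS session token and sends the returned signature along with the request; revoking an account or narrowing its `actions` set takes effect on the SAS without touching the distributed software.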