Valet Key Pattern
Also known as: Token-based Access Pattern, Temporary Access Token Pattern
1. Overview
The Valet Key pattern is a design pattern used in cloud computing and distributed systems to provide clients with restricted, direct access to a specific resource for a limited time. This pattern is analogous to a real-world valet key for a car, which can start the engine and open the doors but cannot unlock the trunk or the glove compartment. Similarly, in a software architecture context, the Valet Key pattern provides a token or key that grants a client temporary, limited permissions to a resource, such as a file in a cloud storage service, without exposing the master credentials or granting broader access to the system [1]. This approach is particularly useful in applications where clients need to upload or download large files, as it offloads the data transfer from the application server to the storage service, improving performance and scalability.
2. Core Principles
The Valet Key pattern is based on a few core principles that ensure secure and controlled access to resources:
| Principle | Description |
|---|---|
| Tokenization | Access to the resource is granted via a temporary token (the valet key) rather than by using the application’s primary credentials. |
| Limited Scope | The token grants access only to a specific resource or a set of resources, and for a specific set of operations (e.g., read-only). |
| Time-bound Access | The token has a limited validity period and automatically expires after a predefined time. |
| Decoupling | The client interacts directly with the resource provider (e.g., cloud storage), decoupling the data transfer from the application server. |
| Auditing | All access requests made with the valet key can be logged and audited, providing a trail of who accessed what and when. |
3. Key Practices
In many modern applications, especially those built on cloud infrastructure, there is a common need to allow clients to interact with resources, such as uploading images, downloading videos, or accessing large datasets. A naive approach would be for the client to send the data to the application server, which then relays it to the storage service. This approach has several drawbacks:
- Increased Load on the Application Server: The application server becomes a bottleneck as it has to process all the data transfers, consuming significant CPU, memory, and network bandwidth.
- Scalability Issues: As the number of clients and the size of the data grow, the application server may not be able to handle the load, leading to performance degradation.
- Security Risks: Exposing the application’s master credentials to the client-side is a major security risk. If these credentials are compromised, an attacker could gain unrestricted access to all the resources.
4. Implementation
The Valet Key pattern addresses these problems by introducing a trusted component that generates a temporary, restricted-access token. The workflow is as follows:
- The client requests access to a resource from the application.
- The application authenticates and authorizes the client.
- If the client is authorized, the application generates a valet key—a short-lived token with specific permissions (e.g., read access to
file.zipfor 15 minutes). - The application returns the valet key and the resource URI to the client.
- The client uses the valet key to access the resource directly from the resource provider (e.g., a cloud storage service).
- The resource provider validates the valet key and, if valid, grants the requested access.
This solution offloads the data transfer from the application server, reduces its workload, and enhances security by avoiding the exposure of long-term credentials.
5. 7 Pillars Assessment
| Pillar | Score (1-5) | Rationale |
|---|---|---|
| Purpose | 3 | Serves a clear technical purpose in system design |
| Governance | 3 | Can be governed through standard engineering practices |
| Culture | 3 | Supports engineering culture of reliability and quality |
| Incentives | 3 | Aligns incentives toward system stability |
| Knowledge | 4 | Well-documented pattern with extensive community knowledge |
| Technology | 4 | Directly applicable to modern technology stacks |
| Resilience | 4 | Contributes to overall system resilience |
| Overall | 3.4 | A valuable technical pattern that supports commons infrastructure |
| Pros | Cons |
|---|---|
| Improved Scalability and Performance | Offloads data transfer from the application server, allowing it to handle more requests. |
| Enhanced Security | Avoids exposing master credentials to clients and provides granular control over resource access. |
| Reduced Cost | Can reduce operational costs by minimizing the data processing load on the application server. |
| Complexity | The implementation adds complexity to the system, as it requires a mechanism to generate and manage tokens. |
| Clock Skew | The expiration of tokens is time-sensitive, and clock differences between the token-issuing service and the resource provider can lead to premature or delayed expiration. |
| Token Management | The application is responsible for managing the lifecycle of the tokens, including revocation if a token is compromised. |
6. When to Use
The Valet Key pattern is widely used in cloud services:
- Amazon Web Services (AWS) S3 Pre-signed URLs: These are URLs that provide temporary access to a specific S3 object. The URL includes a signature and an expiration time.
- Azure Blob Storage Shared Access Signatures (SAS): SAS provides delegated access to resources in a storage account. You can grant clients a SAS token that specifies permissions and a validity period [2].
- Google Cloud Storage Signed URLs: Similar to AWS, Google Cloud allows the creation of signed URLs that grant time-limited access to a specific object in a bucket.
7. Anti-Patterns & Gotchas
In the cognitive era, where AI and machine learning models are becoming increasingly prevalent, the Valet Key pattern is highly relevant. For instance, when training a machine learning model, a large dataset stored in the cloud might be required. Instead of routing this data through an application server, a valet key can be provided to the training job to access the data directly. This is particularly useful for distributed training scenarios where multiple nodes need to access the same dataset concurrently. Similarly, the pattern can be used to provide secure and temporary access for uploading model artifacts, logs, and checkpoints during and after the training process.
8. References
The Valet Key pattern aligns with several of the Commons principles:
- Shared Resource: The pattern facilitates the secure sharing of resources (e.g., datasets, files) among multiple clients.
- Equitable Access: By providing temporary and restricted access, the pattern ensures that clients have the access they need without compromising the security of the overall system. It allows for fine-grained control over who can access what, which can be used to enforce fairness.
- Sustainability: By offloading data transfer from the application server, the pattern helps to reduce the server’s resource consumption, leading to a more sustainable and cost-effective architecture.
- Community Benefit: In the context of open data platforms or collaborative research environments, the Valet Key pattern can be used to provide secure access to shared datasets, fostering collaboration and innovation.
However, the implementation of the pattern needs to be carefully designed to ensure that the token generation and management process is itself secure and does not become a single point of failure.
8. References
[1] Microsoft. “Valet Key pattern.” Azure Architecture Center. https://learn.microsoft.com/en-us/azure/architecture/patterns/valet-key
[2] Mosyan, D. “Valet Key Design Pattern for Direct Data Access.” Medium. https://medium.com/@dmosyan/valet-ket-design-pattern-for-direct-data-access-cc0a6c523a2b