go lambda bcrypt

Lambda, Dynamodb and Bcrypt

Bcrypt is the go to encryption algorithm for hashing passwords. If you have worked long enough with AWS Lambda and API Gateway, you will be well aware of the following pattern:

[api-gw] -> [lambda authorizer] -> [my lambda]

Lambda authorizer is used to verify the credentials against a database, usually dynamodb. Dyanmodb table contains username and password pairs where password are stored as bcrypt hashes

Microservice for bcrypt

Given the importance of bcrypt with lambdas, I decided to write a microservice that performs the following:

  1. convert password to hash
  2. compare a password and hash and return whether valid or not

To start using the microservice simply upload the zip file on the repo to your lambda

Introducing go lambda bcryptit


An AWS lambda function that sits behind the API Gateway and performs the following:

  • Given a password, return its bcrypt hash
  • Given a password and a hash, verify that they are valid


Path Expected input Expected output Description
/bcrypt/hash { "password" : "secret" } {"result" : "@#$@#$" } Returns a bcrypt hash of the provided password
/bcrypt/verify { "password" : "secret", "hash" : "$#$%#$%" } {"message" : "valid" } or {"message" : "invalid" } Returns a bcrypt hash of the provided password

The API GW should be configured as follows:


where ANY method is integrated with our Lambda via lambda proxy integration

Deployment to AWS

Method 1: Simply upload

  • Create a new lambda function with go1.x as runtime
  • Upload main.zip
  • Rename “handler” to “main”
  • And your lambda is ready to be used

If you fancy, use the deploy script :)

Method 2: Build from source

  • Run the build.cmd script to create an executable
  • The same script should work on a Linux system as well
  • Then deploy