Custom lambda authorizer get token from parameter store

Serverless Framework
1

Hi everyone,
I’m trying to implement a custom lambda authorizer but I want to read the token from the parameter store. If I take the store code off the authorizer works.

serverless.yml:

service: test

provider:
  name: aws
  runtime: nodejs10.x
  stage: default  
 
functions:
  auth:
	handler: api/auth.checkBearer
  test:
	role: ogiRole
	handler: api/test.test
	memorySize: 128	
	events:
	- http:
		path: test
		method: get
		cors: true
		authorizer: ${self:custom.authorizer.auth}
custom:
  stage: ${opt:stage, self:provider.stage}
  authorizer:
    auth:
      name: auth
      type: TOKEN
      identitySource: method.request.header.Authorization
      identityValidationExpression: Bearer (.*)
	  
plugins:
  - serverless-aws-alias
  - serverless-dynamodb-local
  - serverless-offline

auth.js:
‘use strict’;

const AWS = require('aws-sdk');
const ssm = new AWS.SSM();

const generatePolicy = function (principalId, effect, resource) {
    const authResponse = {};
    authResponse.principalId = principalId;
    if (effect && resource) {
        const policyDocument = {};
        policyDocument.Version = '2012-10-17';
        policyDocument.Statement = [];
        const statementOne = {};
        statementOne.Action = 'execute-api:Invoke';
        statementOne.Effect = effect;
        statementOne.Resource = resource;
        policyDocument.Statement[0] = statementOne;
        authResponse.policyDocument = policyDocument;
    }
    return authResponse;
};

module.exports.checkBearer = async (event, context, callback) => {
  
    var params = {
        Name: 'bearer',
        WithDecryption: true
    };
   let storeToken =null;
    ssm.getParameter(params, (err, data) => {
        if (err) {
            console.log(err);
        }
         storeToken = data.Parameter.Value;
        console.log("bearer token-->",storeToken);
    });
      
    const split = event.authorizationToken.split('Bearer');
    const token = split[1].trim();

    if (token.toLowerCase() ===storeToken) {
        callback(null, generatePolicy('user', 'Allow', '*'));
    } else {

        callback(null, generatePolicy('user', 'Deny', event.methodArn));
    }
};

Does anyone know how to get the token from the store? or another idea to keep the token hide.
I could put the token as an environment variable with TOKEN: ${ssm:/bearer~true} but I don’t want to have the token exposed.

Thanks,
Regards.