Load PEM File on deployment

We are going to be using Auth0 to secure our Lambda’s as part of the Auth handler. I can see where you can load specific environment variables from an environment yml/json but I can’t see if there is an easy way to load PEM files on deployment?

Obviously I can just simply load it when I want to authenticate a call like so:

const pemFile = path.resolve(__dirname, '../public-certs/bvt.pem');
const cert = fs.readFileSync(pemFile);
const decoded = jwt.verify(token, cert, (err, decoded) =>{});

But that will mean that I’ve got to reload it over and over again in a handler that is going to be called constantly. So ideally I’d like to be able to load it into an environmental variable in the .yml file on deployment. It’s unlikely to change for a particular environment unless it’s part of a certificate cycling process.

I’m very new to serverless but ideally I’d like to load it like this

AUTH0_PUBLIC_PEM: ${file(./public-certs/${opt:stage}.pem)}

Is this possible? Have I just missed the bleeding obvious?

The other alternative I can see is to stick it in the env.yml file as a static string but that doesn’t feel ‘right’ somehow because it’s essentially hard coded

I wouldn’t use environment variables.

It’s probably best to do this in your Lambda. If you do it outside of the handler function then it should be available inside the handler but it will only be executed once when the Lambda is loaded.