diff --git a/trigger/authorized_keys.py b/trigger/authorized_keys.py
new file mode 100644
index 0000000..d7898ad
--- /dev/null
+++ b/trigger/authorized_keys.py
@@ -0,0 +1,74 @@
+import json
+import boto3
+
+ddb = boto3.client('dynamodb')
+codecommit = boto3.client('codecommit')
+targetarn = 'arn:aws:codecommit:us-west-2:932028523435:authorized_keys'
+
+
+def lambda_handler(event, context):
+ # {
+ # "Records": [
+ # {
+ # "awsRegion": "us-west-2",
+ # "codecommit": {
+ # "references": [
+ # {
+ # "commit": "5c4ef1049f1d27deadbeeff313e0730018be182b",
+ # "ref": "refs/heads/master"
+ # }
+ # ]
+ # },
+ # "customData": "this is custom data",
+ # "eventId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
+ # "eventName": "TriggerEventTest",
+ # "eventPartNumber": 1,
+ # "eventSource": "aws:codecommit",
+ # "eventSourceARN": "arn:aws:codecommit:us-west-2:123456789012:repo",
+ # "eventTime": "2016-01-01T23:59:59.000+0000",
+ # "eventTotalParts": 1,
+ # "eventTriggerConfigId": "5a824061-17ca-46a9-bbf9-114edeadbeef",
+ # "eventTriggerName": "my-trigger",
+ # "eventVersion": "1.0",
+ # "userIdentityARN": "arn:aws:iam::123456789012:root"
+ # }
+ # ]
+ # }
+ print(json.dumps(event))
+ records = event["Records"]
+ if records is None or len(records) == 0:
+ raise RuntimeError('No records property in event')
+ print(records)
+ for record in records:
+ repoArn = record['eventSourceARN']
+ if repoArn is None:
+ print('no eventSourceARN on record')
+ continue
+ print('Record from ARN' + repoArn)
+ if repoArn != targetarn:
+ print('Not target ARN. Continuting')
+ continue
+ resp = codecommit.get_file(repositoryName='authorized_keys',
+ filePath='authorized_keys')
+ data = resp['fileContent'].decode("utf-8")
+ ddbitem = ddb.scan(TableName='key') # ddbitem['Items']...
+ found = False
+ for item in ddbitem['Items']: # should be only one anyway - whatever
+ if item['key']['S'] == data:
+ found = True
+ break
+ if found:
+ print('no change to keys. 
continuing')
+ continue
+ # Something's changed - let's make the update in DDB
+ ddb.put_item(TableName='key', Item={'key': {'S': data}})
+ for item in ddbitem['Items']: # should be only one anyway - whatever
+ print('deleting old item')
+ ddb.delete_item(TableName='key', Key=item)
+
+ print('All records processed')
+
+ return {
+ 'statusCode': 200,
+ 'body': json.dumps('Processing complete')
+ }
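Review bot: A run that fails between `ddb.put_item` and the `ddb.delete_item` loop leaves the previous item in the `key` table until the file next changes, because the following invocation finds the new content among the scanned items, sets `found = True` and reaches `continue` before any cleanup. If this table is what hosts read their authorized keys from (the names suggest so, but the consumer is not visible here), a revoked key would stay published for that whole period. The reconciliation should delete every item that differs from the repository copy on each run and write the new item only when it is missing, as sketched below. Separately, `event["Records"]` and `record['eventSourceARN']` raise `KeyError` when the field is absent, so the two `is None` guards never fire; `event.get("Records")` and `record.get('eventSourceARN')` would make them effective.

```python
        ddbitem = ddb.scan(TableName='key')
        items = ddbitem['Items']
        # Write the current file content only when no stored item matches it.
        if not any(item['key']['S'] == data for item in items):
            ddb.put_item(TableName='key', Item={'key': {'S': data}})
        else:
            print('no change to keys. continuing')
        # Always remove items that differ from the repository copy, so an
        # earlier run that stopped after put_item cannot leave old keys behind.
        for item in items:
            if item['key']['S'] != data:
                print('deleting old item')
                ddb.delete_item(TableName='key', Key=item)
```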