The example for using the CLI to test your handler shows a secret that looks like a 32-byte hexadecimal string. Actually the CLI interprets it as an ASCII string, so the example is actually passing a 64-byte string for the secret. I found this very misleading and it took me a bit of time to figure out why my code was not computing the correct HMAC until I realized that the format the CLI expects is ASCII string not hexadecimal string.