Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
Encryption - AWS Elemental MediaConnect
ContentsSee Also

Encryption

PDF

Information about the encryption of the flow.

Contents

roleArn

The ARN of the role that you created during setup (when you set up MediaConnect as a trusted entity).

Type: String

Required: Yes

algorithm

The type of algorithm that is used for the encryption (such as aes128, aes192, or aes256).

Type: String

Valid Values: aes128 | aes192 | aes256

Required: No

constantInitializationVector

A 128-bit, 16-byte hex value represented by a 32-character string, to be used with the key for encrypting content. This parameter is not valid for static key encryption.

Type: String

Required: No

deviceId

The value of one of the devices that you configured with your digital rights management (DRM) platform key provider. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Type: String

Required: No

keyType

The type of key that is used for the encryption. If no keyType is provided, the service will use the default setting (static-key).

Type: String

Valid Values: speke | static-key | srt-password

Required: No

region

The AWS Region that the API Gateway proxy endpoint was created in. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Type: String

Required: No

resourceId

An identifier for the content. The service sends this value to the key server to identify the current endpoint. The resource ID is also known as the content ID. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Type: String

Required: No

secretArn

The ARN of the secret that you created in AWS Secrets Manager to store the encryption key. This parameter is required for static key encryption and is not valid for SPEKE encryption.

Type: String

Required: No

url

The URL from the API Gateway proxy that you set up to talk to your key server. This parameter is required for SPEKE encryption and is not valid for static key encryption.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Next topic:

Entitlement

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.