Enabling Segmented Asset Encryption

MAM supports playback for encrypted segmented assets. At present, we support encryption for HLS assets using an AES-128 encryption.

You must set up your account’s CDN resource, so that it uses an S3 bucket in Dalet Flex Core:

  1. Click New.

  2. Click Resource.

  3. Create a CDN Storage Resource.

  4. Click the Configuration sub-tab

  5. Click Edit.

  6. Configure the following fields for the resource’s read location:

    • Protocol: Select HTTPS.
    • Hostname: This is the AWS host for your S3 bucket. Example:“flex-media-library.s3.amazonaws.com”.
    • Path: The path inside your bucket. Example: “/flex-mam-app”.
    • Key: The S3 access key for your bucket.
    • Secret: The S3 secret key for your bucket.
  7. Configure the following fields for the resource’s write location:

    • Protocol: Select S3.
    • Path: The path inside your bucket. This should be the same as the read configuration above. Example: “/flex-mam-app”.
    • Key: The S3 access key for your bucket.
    • Secret: The S3 secret key for your bucket.
    • Bucket: The name of your bucket. Example: “flex-media-library”.
  8. Click Save, to save the configuration.

  9. Click Start, to start the resource.

  10. Navigate to the Configuration section for your account, click the Metadata tab, and set the Publish CDN resource so that it uses the one you have just created.

  11. Enable Flex NGINX Proxy for S3 assets in the MAM app, by setting the following consul key:

    • Set flex/flex-mam-app/proxyBaseUrl to the URL of your Flex NGINX Proxy instance(s). If you are already accessing the MAM app from the Flex NGINX Proxy, then the domain name should be the same.
  12. Configure an instance profile with access to your S3 bucket on your Flex NGINX Proxy instance(s).

  13. Enable segmented asset encryption in the Flex NGINX Proxy by setting the following consul key:

    • Set the flex/flex-nginx-proxy/encryptSegmentedAssets to “Yes”.

Secure Images and Assets in MAM

Images and assets can be now be served to MAM through the Flex NGINX Proxy and it can be configured to require authentication on each request.

To enable it set the flex/flex-nginx-proxy/enableSecurityCheck consul key to “Yes”, after this all proxy request for images and assets require a valid JWT.