Segmented Asset Encryption

FlexREVIEW supports playback of encrypted segmented assets. At present, we support encryption for HLS assets using AES-128.

Enabling Segmented Asset Encryption

You must set up your account’s CDN resource so that it uses an S3 bucket in Dalet Flex Core:

  1. Click New.

  2. Click Resource.

  3. Create a new CDN Storage Resource.

  4. Click the Configuration sub-tab.

  5. Click Edit.

  6. Configure the following fields for the resource’s read location:

    • Protocol: Select HTTPS.
    • Hostname: This is the AWS host for your S3 bucket. Example: “flex-media-library.s3.amazonaws.com”.
    • Path: The path inside your bucket. Example: “/flex-reviewer-app”.
    • Key: The S3 access key for your bucket.
    • Secret: The S3 secret key for your bucket.
  7. Configure the following fields for the resource’s write location:

    • Protocol: Select S3.
    • Path: The path inside your bucket. This should be the same as the read configuration above. Example: “/flex-reviewer-app”.
    • Key: The S3 access key for your bucket.
    • Secret: The S3 secret key for your bucket.
    • Bucket: The name of your bucket. Example: “flex-media-library”.
  8. Click Save to save the configuration.

  9. Click Start to start the resource.

  10. Navigate to the configuration section for your account, click the Metadata tab, and set the Publish CDN resource so that it uses the one you have just created.

  11. Enable Flex NGINX Proxy for S3 assets in the FlexREVIEW app by setting the following consul keys:

    • Set flex/flex-reviewer-app/enableS3Proxy to “Yes” (This key is exclusive to FlexREVIEW. MAM already requests S3 assets from the Flex NGINX Proxy).
    • Set flex/flex-reviewer-app/proxyBaseUrl to the URL of your Flex NGINX Proxy instance(s). If you are already accessing the FlexREVIEW app from the Flex NGINX Proxy, then the domain name should be the same.
  12. Configure an instance profile with access to your S3 bucket on your flex-nginx-proxy instance(s).

  13. Enable segmented asset encryption in the Flex NGINX Proxy by setting the following consul key:

    • Set flex/flex-nginx-proxy/encryptSegmentedAssets to “Yes”.
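
To confirm that encryption is actually applied once the steps above are complete, the following check parses an HLS media playlist and reports any segment not covered by an EXT-X-KEY tag with METHOD=AES-128 (the signalling defined in RFC 8216). It is an added example, not part of the Dalet documentation or Flex code; it assumes the playlist you fetch through the proxy signals encryption this way, and the hostname and file names in the sample playlists are constructed.

```python
import re
from urllib.parse import urlsplit

# RFC 8216 attribute list: NAME=value or NAME="quoted value", comma separated.
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')
KEY_TAG = "#EXT-X-KEY:"

def check_media_playlist(text):
    """Return findings for an HLS media playlist; [] means every segment is AES-128 protected."""
    findings = []
    key = None  # attributes of the EXT-X-KEY tag currently in effect
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(KEY_TAG):
            key = {k: v.strip('"') for k, v in ATTR_RE.findall(line[len(KEY_TAG):])}
            if key.get("METHOD") == "AES-128":
                uri = key.get("URI", "")
                scheme = urlsplit(uri).scheme.lower()
                if not uri:
                    findings.append("AES-128 key tag without URI")
                elif scheme and scheme != "https":
                    # A relative URI (empty scheme) inherits the playlist's scheme.
                    findings.append(f"key not fetched over HTTPS: {uri}")
        elif line and not line.startswith("#"):
            # Any non-tag, non-blank line in a media playlist is a segment URI.
            if key is None or key.get("METHOD") != "AES-128":
                findings.append(f"segment not AES-128 encrypted: {line}")
    return findings

# Constructed sample playlists (not captured from a Flex deployment).
ENCRYPTED = """#EXTM3U
#EXT-X-KEY:METHOD=AES-128,URI="https://proxy.example.com/keys/asset1.key"
#EXTINF:6.0,
segment0.ts
"""
PARTIAL = """#EXTM3U
#EXTINF:6.0,
segment0.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://proxy.example.com/keys/asset1.key"
#EXTINF:6.0,
segment1.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:6.0,
segment2.ts
"""

if __name__ == "__main__":
    for name, playlist in (("ENCRYPTED", ENCRYPTED), ("PARTIAL", PARTIAL)):
        print(name, check_media_playlist(playlist) or "ok")
```

Run it against the media playlist of a published asset; a master playlist that only lists variant streams has to be resolved to its media playlists first.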

Secure Images and Assets in FlexREVIEW

Images and assets can now be served to FlexREVIEW through the Flex NGINX Proxy, which can be configured to require authentication on each request.

To enable this, set the flex/flex-nginx-proxy/enableSecurityCheck consul key to “Yes”. All proxy requests for images and assets then require a valid JWT.