AWS Elemental MediaConnect
User Guide

Key Management in AWS Elemental MediaConnect

You can protect your content from unauthorized use through encryption. Store your encryption keys in AWS Secrets Manager, and then give AWS Elemental MediaConnect permission to obtain the encryption keys from your Secrets Manager account.

Storing Encryption Keys in AWS Secrets Manager

The Secrets Manager secret that stores your encryption keys must be created using the same AWS account that creates the flow. AWS Elemental MediaConnect does not support cross-account sharing of secrets.

To store encryption keys in Secrets Manager (console)

  1. Sign in to the AWS Secrets Manager console at

  2. Choose Store a new secret.

  3. In the Select secret type section, choose Other type of secrets.

  4. In the Specify the key/value pairs to be stored for this secret section, choose Plain text.

  5. Clear any text in the box and replace it with the password value.

  6. Keep the Select the encryption key set to DefaultEncryptionKey.

  7. Choose Next.

  8. For Secret name, specify a name for your password. For example, 2018-12-01_baseball-game-source.

  9. Choose Next.

  10. In the Configure automatic rotation section, choose Disable automatic rotation.

  11. Choose Next, and then choose Store.

  12. The details page for your new secret appears, showing information such as the secret ARN. You will need this value when you create a flow that uses the encryption key that you just stored.

On this page: