Deploying SPEKE

Your digital rights management (DRM) solution provider can help you get set up to use DRM encryption in MediaPackage. Generally, the provider gives you a SPEKE gateway to deploy in your AWS account in the same AWS Region where MediaPackage is running. Along with configuring your origin endpoints with the right encryption settings, you must configure event notifications for the key provider events that MediaPackage is generating as CloudWatch Events. For information about configuring encryption settings for your endpoint, see the applicable section for your protocol: HLS encryption fields, MSS encryption fields, CMAF encryption fields, and DASH encryption fields.

If you must build your own API Gateway to connect MediaPackage to your key service, you can use the SPEKE Reference Server available on GitHub as a starting point.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Choosing the right SPEKE Version

Preparing and managing certificates for use with content keys