Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blindcast.dev/llms.txt

Use this file to discover all available pages before exploring further.

BlindCast is a drop-in platform for zero-knowledge encrypted video. Unlike standard HLS encryption — where your server generates keys, encrypts segments, and has full access to plaintext — BlindCast encrypts on the creator’s device and decrypts only in the viewer’s browser. Your server never touches plaintext or key material. You get everything you need to ship this in production: player SDKs, upload encryption, key management, and a production-ready server — so you’re not spending months building video infrastructure from scratch.

What you get

Player

Drop-in encrypted HLS playback for any web app. Single import, attach to a video element, point at your key server. 10 lines of code.

CLI

One command-line tool for everything server-side. Generate keys, encrypt HLS segments, upload to S3, and run a local dev server. npx @blindcast/cli.

Uploader

Browser-side upload SDK for web apps where end users upload video. Encrypts in the browser, uploads to S3 via presigned URLs. One function call.

Key Server

Reference key server as a Docker image. Pull, configure, run. Handles key derivation, authentication, leases, and presigned URLs.

How it fits together

  • Creator side: The CLI (server-side) or Uploader (browser-side) encrypts HLS segments and uploads them to S3.
  • Key Server: Derives per-content encryption keys from a single master key. Authenticates viewers before issuing keys.
  • Viewer side: The Player fetches the manifest from your CDN, gets the content key from the key server, and decrypts each segment in the browser.
The server stores and serves only encrypted bytes. It cannot decrypt the video — even if your storage is compromised, the content remains protected.

Who uses what

Your roleStart here
Evaluating BlindCastQuick Start — see encrypted playback in ~10 minutes
Frontend engineer adding a playerPlayer docscreatePlayer() in 10 lines
Backend engineer encrypting videoCLI docsblindcast encrypt and blindcast upload
Frontend engineer adding uploadUploader docs — single upload() function
DevOps deploying to productionKey Server docsdocker run blindcast/keyserver
Ready to see it in action? Quick Start →