> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blindcast.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# What is BlindCast?

> BlindCast is a drop-in zero-knowledge video platform. Unlike standard HLS encryption where your server holds the keys, BlindCast encrypts on the client and your infrastructure never sees plaintext.

BlindCast is a drop-in platform for **zero-knowledge encrypted video**. Unlike standard HLS encryption — where your server generates keys, encrypts segments, and has full access to plaintext — BlindCast encrypts on the creator's device and decrypts only in the viewer's browser. Your server never touches plaintext or key material.

You get everything you need to ship this in production: player SDKs, upload encryption, key management, and a production-ready server — so you're not spending months building video infrastructure from scratch.

## What you get

<CardGroup cols={2}>
  <Card title="Player" icon="play" href="/player/overview">
    Drop-in encrypted HLS playback for any web app. Single import, attach to a video element, point at your key server. 10 lines of code.
  </Card>

  <Card title="CLI" icon="terminal" href="/cli/overview">
    One command-line tool for everything server-side. Generate keys, encrypt HLS segments, upload to S3, and run a local dev server. `npx @blindcast/cli`.
  </Card>

  <Card title="Uploader" icon="cloud-arrow-up" href="/uploader/overview">
    Browser-side upload SDK for web apps where end users upload video. Encrypts in the browser, uploads to S3 via presigned URLs. One function call.
  </Card>

  <Card title="Key Server" icon="server" href="/key-server/overview">
    Reference key server as a Docker image. Pull, configure, run. Handles key derivation, authentication, leases, and presigned URLs.
  </Card>
</CardGroup>

## How it fits together

```mermaid theme={null}
graph LR
  Creator["Creator's device"]
  CLI["CLI / Uploader<br/>encrypt + upload"]
  S3["S3 / CDN<br/>opaque bytes"]
  KS["Key Server<br/>Docker or Workers"]
  Player["Player<br/>decrypt in browser"]
  Viewer["Viewer's device"]

  Creator --> CLI
  CLI -->|encrypted segments| S3
  S3 -->|encrypted segments| Player
  KS -->|content key| Player
  Player --> Viewer
```

* **Creator side:** The CLI (server-side) or Uploader (browser-side) encrypts HLS segments and uploads them to S3.
* **Key Server:** Derives per-content encryption keys from a single master key. Authenticates viewers before issuing keys.
* **Viewer side:** The Player fetches the manifest from your CDN, gets the content key from the key server, and decrypts each segment in the browser.

The server stores and serves only encrypted bytes. It cannot decrypt the video — even if your storage is compromised, the content remains protected.

## Who uses what

| Your role                             | Start here                                                                           |
| ------------------------------------- | ------------------------------------------------------------------------------------ |
| **Evaluating BlindCast**              | [Quick Start](/getting-started/quick-start) — see encrypted playback in \~10 minutes |
| **Frontend engineer** adding a player | [Player docs](/player/overview) — `createPlayer()` in 10 lines                       |
| **Backend engineer** encrypting video | [CLI docs](/cli/overview) — `blindcast encrypt` and `blindcast upload`               |
| **Frontend engineer** adding upload   | [Uploader docs](/uploader/overview) — single `upload()` function                     |
| **DevOps** deploying to production    | [Key Server docs](/key-server/overview) — `docker run blindcast/keyserver`           |

Ready to see it in action? [Quick Start →](/getting-started/quick-start)
