Looking for the full server? The standalone key server documented here derives keys for any content ID you request. The BlindCast Server adds a content registry, API keys, an admin dashboard, and only derives keys for registered content. Use the full server for new deployments; use the standalone key server if you only need key derivation and manage content IDs yourself.
Quick start
Endpoints
What it does
- Key derivation: Derives per-content keys from the master key using HKDF-SHA-256
- Authentication: Validates JWTs before issuing keys (configurable via env vars)
- Leases: Time-limited access tokens that can be revoked server-side
- Presign: Generates presigned S3 URLs for the browser uploader
Configuration at a glance
See Configuration for the full reference.
Next steps
- Configuration — env vars, auth, CORS
- Database — SQLite vs. Postgres
- Presign Endpoint — enable browser uploads
- Leases — revoke access without re-encrypting