The BlindCast key server is a Docker image that handles everything your player and uploader need: derive content keys, authenticate viewers, manage leases, and generate presigned upload URLs.
Looking for the full server? The standalone key server documented here derives keys for any content ID you request. The BlindCast Server adds a content registry, API keys, an admin dashboard, and only derives keys for registered content. Use the full server for new deployments; use the standalone key server if you only need key derivation and manage content IDs yourself.
Quick start
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /keys/:contentId | Content key (16 raw bytes) |
| GET | /keys/:contentId/:epoch | Epoch key (for key rotation) |
| POST | /keys/leases | Create a lease |
| POST | /keys/leases/renew | Renew a lease |
| POST | /presign | Get a presigned S3 upload URL |
| GET | /health | Health check |
What it does
- Key derivation: Derives per-content keys from the master key using HKDF-SHA-256
- Authentication: Validates JWTs before issuing keys (configurable via env vars)
- Leases: Time-limited access tokens that can be revoked server-side
- Presign: Generates presigned S3 URLs for the browser uploader
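The key-derivation bullet above, as an added example (not BlindCast's own code): HKDF-SHA-256 per RFC 5869 turning a hex master key and salt into a 16-byte key per content ID and per epoch. The `info` layout, the labels, and the function names are assumptions, since this page does not document how BlindCast binds the content ID or epoch into the derivation.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # the page states content keys are 16 raw bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA-256 output is limited to 8160 bytes")
    # Extract: an empty salt defaults to HashLen zero bytes per the RFC.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _info(label: bytes, content_id: str, epoch=None) -> bytes:
    # Hypothetical info layout (the page does not document BlindCast's):
    # label, then length-prefixed content ID, then optional 64-bit epoch.
    cid = content_id.encode("utf-8")
    out = label + struct.pack(">I", len(cid)) + cid
    if epoch is not None:
        out += struct.pack(">Q", epoch)
    return out


def content_key(master_key_hex: str, salt_hex: str, content_id: str) -> bytes:
    return hkdf_sha256(bytes.fromhex(master_key_hex), bytes.fromhex(salt_hex),
                       _info(b"example/content", content_id), KEY_LEN)


def epoch_key(master_key_hex: str, salt_hex: str, content_id: str, epoch: int) -> bytes:
    return hkdf_sha256(bytes.fromhex(master_key_hex), bytes.fromhex(salt_hex),
                       _info(b"example/epoch", content_id, epoch), KEY_LEN)


# Constructed sample values, not real key material.
MASTER = "00112233445566778899aabbccddeeff" * 2
SALT = "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"

if __name__ == "__main__":
    print(content_key(MASTER, SALT, "video-1").hex())
    print(epoch_key(MASTER, SALT, "video-1", 2).hex())
```

The length prefix on the content ID keeps two different (content ID, epoch) pairs from encoding to the same `info` bytes. Keys from this sketch will not match a real server unless its `info` encoding is identical.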
Configuration at a glance
| Env var | Required | Description |
|---|---|---|
| MASTER_KEY_HEX | Yes | Master key as hex (from blindcast keygen) |
| SALT_HEX | Yes | Salt as hex (from blindcast keygen) |
| CORS_ORIGINS | Yes | Allowed CORS origin(s) |
| AUTH_JWT_SECRET | No | HS256 JWT secret for auth |
| AUTH_JWKS_URL | No | JWKS URL for RS256/ES256 auth |
| ENABLE_PRESIGN | No | Enable presign endpoint (true/false) |
| DATABASE_URL | No | Postgres URL (default: SQLite at /data/blindcast.db) |
Next steps
- Configuration — env vars, auth, CORS
- Database — SQLite vs. Postgres
- Presign Endpoint — enable browser uploads
- Leases — revoke access without re-encrypting