Skip to main content
The BlindCast key server is a Docker image that handles everything your player and uploader need: derive content keys, authenticate viewers, manage leases, and generate presigned upload URLs.
Looking for the full server? The standalone key server documented here derives keys for any content ID you request. The BlindCast Server adds a content registry, API keys, an admin dashboard, and only derives keys for registered content. Use the full server for new deployments; use the standalone key server if you only need key derivation and manage content IDs yourself.

Quick start

Generate a master key and salt with the CLI:

Endpoints

What it does

  1. Key derivation: Derives per-content keys from the master key using HKDF-SHA-256
  2. Authentication: Validates JWTs before issuing keys (configurable via env vars)
  3. Leases: Time-limited access tokens that can be revoked server-side
  4. Presign: Generates presigned S3 URLs for the browser uploader

Configuration at a glance

See Configuration for the full reference.

Next steps