mode

val mode: String?

The specific server-side encryption mode that you want Elastic Transcoder to use when decrypting your input files or encrypting your output files. Elastic Transcoder supports the following options:

  • s3: Amazon S3 creates and manages the keys used for encrypting your files.

  • s3-aws-kms: Amazon S3 calls the Amazon Key Management Service, which creates and manages the keys that are used for encrypting your files. If you specify s3-aws-kms and you don't want to use the default key, you must add the AWS-KMS key that you want to use to your pipeline.

  • aes-cbc-pkcs7: A padded cipher-block mode of operation originally used for HLS files.

  • aes-ctr: AES Counter Mode.

  • aes-gcm: AES Galois Counter Mode, a mode of operation that is an authenticated encryption format, meaning that a file, key, or initialization vector that has been tampered with fails the decryption process.

For all three AES options, you must provide the following settings, which must be base64-encoded:

  • Key

  • Key MD5

  • Initialization Vector

For the AES modes, your private encryption keys and your unencrypted data are never stored by AWS; therefore, it is important that you safely manage your encryption keys. If you lose them, you won't be able to unencrypt your data.