mode
The specific server-side encryption mode that you want Elastic Transcoder to use when decrypting your input files or encrypting your output files. Elastic Transcoder supports the following options:
s3: Amazon S3 creates and manages the keys used for encrypting your files.
s3-aws-kms: Amazon S3 calls the Amazon Key Management Service, which creates and manages the keys that are used for encrypting your files. If you specify
s3-aws-kms
and you don't want to use the default key, you must add the AWS-KMS key that you want to use to your pipeline.aes-cbc-pkcs7: A padded cipher-block mode of operation originally used for HLS files.
aes-ctr: AES Counter Mode.
aes-gcm: AES Galois Counter Mode, a mode of operation that is an authenticated encryption format, meaning that a file, key, or initialization vector that has been tampered with fails the decryption process.
For all three AES options, you must provide the following settings, which must be base64-encoded:
Key
Key MD5
Initialization Vector
For the AES modes, your private encryption keys and your unencrypted data are never stored by AWS; therefore, it is important that you safely manage your encryption keys. If you lose them, you won't be able to unencrypt your data.