Skip to main content

Encoding Security

This article discusses the content security during encoding. You can find an overview of the entire encoding process in the Encoding Overview article.

During encoding, your content is safe thanks to credentials protection and the removal of the source files.

Credentials Protection

Every time secrets are passed to the Encoding API, they can (and should) be passed in an encrypted form.

Read: Apply credentials protection.

Removal of the Source Files

The Encoding Service is a stateless service. You upload a video to the input storage. The video is processed. The encoded and protected video is stored to the output storage. Nothing about the video stays with the Encoding Service (other than the log files). But what is with the input storage? Unlike the output storage, the input storage contains the content in clear (=not encrypted). To reduce the risks, the time that the video spends in clear should be minimized.

To facilitate this, the Encoding Service can be instructed to delete the source files once the job is successfully processed. The content is deleted even if the job fails.

note

The on-premise version of the Encoding Service won’t delete the source files if the job fails.

{
"ContentProcessing" : {
...
"DeleteFilesFromSourceWhenDone": true,
...
}
}

It is recommended to activate this option for increased content security.

Caution

If you do not possess the original video files (e.g. you purchase them from the content owner), be careful with deleting the source files from the input storage, if it is the only unencrypted copy you have. Once processed, the video cannot be returned back to the original form. However, if you store additional clear copies of the videos, be sure you apply the necessary security measures to protect against any relevant threat.

note

To use this option, the credentials used for the input storage shall grant the write access, not only read access.