This guide demonstrates how to create a keyset for Media CDN.
Before you begin
The EdgeCacheKeyset
that you configure for verifying signed request tokens
must include the correct keys for the signature algorithm that you choose.
The following table describes each of the signature algorithms and their required keys.
signatureAlgorithm | Required keys in keyset |
---|---|
Ed25519 | publicKeys |
HMAC-SHA1 | validationSharedKeys |
HMAC-SHA256 | validationSharedKeys |
At a minimum, you must have either a public key or a validation shared key. You can have up to three public keys and three validation shared keys, for a total of six keys per keyset. For information on generating HMACs when using dual-token authentication, see Generate tokens.
Create a keyset
Create a new keyset with a single public key by doing the following:
Console
- Go to the Media CDN page in the Google Cloud console.
Go to Media CDN - Click the Keysets tab.
- Click Create keyset.
- In the Name field, enter keyset name—for example,
prod-vod-keyset
. - Optional: Add a description for your keyset.
- Optional: Add one or more labels for your keyset.
- In the ID field, enter an alpha-numeric ID, such as
first-key
. - In the Value enter your generated Ed25519 public key.
- Click Done.
gcloud CLI
gcloud edge-cache keysets create SHORT_KEYSET_NAME \ --public-key='id=SSL_PUBLIC_KEY_NAME,value=SSL_PUBLIC_KEY_VALUE'
Replace the following:
SHORT_KEYSET_NAME
: The keyset name that you wantSSL_PUBLIC_KEY_NAME
: The name of your SSL public keySSL_PUBLIC_KEY_VALUE
: The value of your SSL public key
The output is similar to the following:
[Keyset "prod-vod-keyset" created]
You can review the keys associated with a keyset by inspecting (describing) it by name:
gcloud edge-cache keysets describe prod-vod-keyset
The output is similar to the following:
name: prod-vod-keyset description: "Keyset for prod.example.com" publicKeys: - id: "key-20200918" value: "DThVLjhAKm3VYOvLBAwFZ5XbjVyF98Ias8NZU0WEM9w" - id: "key-20200808" value: "Lw7LDSaDUrbDdqpPA6JEmMF5BA5GPtd7sAjvsnh7uDA="