Create keysets

This guide demonstrates how to create a keyset for Media CDN.

Before you begin

The EdgeCacheKeyset that you configure for verifying signed request tokens must include the correct keys for the signature algorithm that you choose.

The following table describes each of the signature algorithms and their required keys.

| signatureAlgorithm | Required keys in keyset |
|--------------------|-------------------------|
| Ed25519            | publicKeys              |
| HMAC-SHA1          | validationSharedKeys    |
| HMAC-SHA256        | validationSharedKeys    |

At a minimum, you must have either a public key or a validation shared key. You can have up to three public keys and three validation shared keys, for a total of six keys per keyset. For information on generating HMACs when using dual-token authentication, see Generate tokens.
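The rules above can be checked before a keyset is submitted. The following Python sketch is an added example, not part of the original guide or of any Google tooling: `validate_keyset` and `decode_key_value` are hypothetical helpers, and the sketch assumes each public key value is the base64 encoding (URL-safe, padded or unpadded) of a raw 32-byte Ed25519 public key.

```python
import base64

# Required key field per signatureAlgorithm, from the table above.
REQUIRED_KEYS = {
    "Ed25519": "publicKeys",
    "HMAC-SHA1": "validationSharedKeys",
    "HMAC-SHA256": "validationSharedKeys",
}
MAX_PER_TYPE = 3             # up to three keys of each type per keyset
ED25519_PUBLIC_KEY_LEN = 32  # a raw Ed25519 public key is 32 bytes


def decode_key_value(value):
    """Decode URL-safe base64, padded or not; raises ValueError if malformed."""
    padded = value + "=" * (-len(value) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def validate_keyset(keyset, signature_algorithm):
    """Return a list of problems; an empty list means the keyset passes."""
    required = REQUIRED_KEYS.get(signature_algorithm)
    if required is None:
        return [f"unknown signatureAlgorithm: {signature_algorithm}"]
    problems = []
    public = keyset.get("publicKeys", [])
    shared = keyset.get("validationSharedKeys", [])
    if not public and not shared:
        problems.append("keyset needs a public key or a validation shared key")
    for field, keys in (("publicKeys", public), ("validationSharedKeys", shared)):
        if len(keys) > MAX_PER_TYPE:
            problems.append(f"{field}: {len(keys)} keys exceeds limit of {MAX_PER_TYPE}")
    if not keyset.get(required):
        problems.append(f"{signature_algorithm} requires {required}")
    for key in public:
        try:
            raw = decode_key_value(key["value"])
        except ValueError:
            problems.append(f"{key['id']}: value is not valid base64")
            continue
        # Catches, for example, a 44-byte DER SubjectPublicKeyInfo pasted
        # in place of the raw key.
        if len(raw) != ED25519_PUBLIC_KEY_LEN:
            problems.append(f"{key['id']}: decodes to {len(raw)} bytes, expected 32")
    return problems


if __name__ == "__main__":
    # Constructed sample keyset; the key bytes are not a real key.
    sample_value = base64.urlsafe_b64encode(bytes(range(32))).decode()
    sample = {"publicKeys": [{"id": "first-key", "value": sample_value}]}
    print(validate_keyset(sample, "Ed25519") or "keyset OK")
```

A length check cannot tell a 32-byte public key from a 32-byte private seed, so confirm the value came from the public half of the key pair.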

Create a keyset

Create a new keyset with a single public key by doing the following:

Console

  1. Go to the Media CDN page in the Google Cloud console.
  2. Click the Keysets tab.
  3. Click Create keyset.
  4. In the Name field, enter a keyset name (for example, prod-vod-keyset).
  5. Optional: Add a description for your keyset.
  6. Optional: Add one or more labels for your keyset.
  7. In the ID field, enter an alphanumeric ID, such as first-key.
  8. In the Value field, enter your generated Ed25519 public key.
  9. Click Done.

gcloud CLI

gcloud edge-cache keysets create SHORT_KEYSET_NAME \
    --public-key='id=SSL_PUBLIC_KEY_NAME,value=SSL_PUBLIC_KEY_VALUE'

Replace the following:

  • SHORT_KEYSET_NAME: The keyset name that you want
  • SSL_PUBLIC_KEY_NAME: The name of your SSL public key
  • SSL_PUBLIC_KEY_VALUE: The value of your SSL public key

The output is similar to the following:

[Keyset "prod-vod-keyset" created]

You can review the keys associated with a keyset by inspecting (describing) it by name:

gcloud edge-cache keysets describe prod-vod-keyset

The output is similar to the following:

name: prod-vod-keyset
description: "Keyset for prod.example.com"
publicKeys:
- id: "key-20200918"
  value: "DThVLjhAKm3VYOvLBAwFZ5XbjVyF98Ias8NZU0WEM9w"
- id: "key-20200808"
  value: "Lw7LDSaDUrbDdqpPA6JEmMF5BA5GPtd7sAjvsnh7uDA="

Terraform

resource "google_network_services_edge_cache_keyset" "default" {
  name        = "prod-vod-keyset"
  description = "Keyset for prod.example.com"
  public_key {
    id    = "key-20200918"
    value = "FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY" # Update Ed25519 public key
  }
  public_key {
    id    = "key-20200808"
    value = "Lw7LDSaDUrbDdqpPA6JEmMF5BA5GPtd7sAjvsnh7uDA=" # Update Ed25519 public key
  }
}