Console
    Contact Us Start free

    Create and update keysets

    This guide shows how to create and update keysets for Media CDN.

    Before you begin

    The EdgeCacheKeyset that you configure for verifying signed request tokens must include the correct keys for the signature algorithm that you choose.

    The following table describes each of the signature algorithms and their required keys.

    Signature algorithm Required keys in the keyset
    Ed25519 Public keys
    HMAC-SHA1 Validation shared keys
    HMAC-SHA256 Validation shared keys

    At a minimum, you must have either a public key or a validation shared key. You can have up to three public keys and three validation shared keys, for a total of six keys per keyset. For information on generating HMACs when using dual-token authentication , see Generate tokens .

    Create a keyset

    To create a new keyset, do the following:

    Console

    1. In the Google Cloud console, go to the Media CDN page.

      Go to Media CDN

    2. Click the Keysets tab.
    3. Click Create keyset .
    4. For Name , enter a unique keyset name—for example, prod-vod-keyset .
    5. Optional: For Description , enter a description for your keyset.
    6. Optional: Click Add label and enter one or more key-value pairs for your keyset.
    7. Specify at least one public key or one validation key.

      To specify a public key, click Add public key and then do the following:

      1. For ID , enter an alphanumeric ID.
      2. Select Enter the value and specify the base64-encoded value of your Ed25519 public key. Alternatively, select Use Google-managed key for dual-token authentication .
    8. To specify a validation shared key, click Add validation shared key , and then do the following:
      1. For Secret , select a secret from the list, enter a secret manually by specifying its resource ID, or create a new secret and then select it.
      2. For Secret version , select a secret version from the list or create a new secret version and then select it.
    9. Click Create keyset .

    gcloud

    Use the gcloud edge-cache keysets create command .

    gcloud edge-cache keysets create SHORT_KEYSET_NAME 
\
    --public-key='id= SSL_PUBLIC_KEY_NAME 
,value= SSL_PUBLIC_KEY_VALUE 
'

    Replace the following:

    • SHORT_KEYSET_NAME : a unique name for the keyset—for example, prod-vod-keyset
    • SSL_PUBLIC_KEY_NAME : the name of your SSL public key
    • SSL_PUBLIC_KEY_VALUE : the value of your SSL public key

    Review the keys associated with a keyset. Use the gcloud edge-cache keysets describe command .

    gcloud edge-cache keysets describe prod-vod-keyset

    The output is similar to the following:

    name: prod-vod-keyset
description: "Keyset for prod.example.com"
publicKeys:
  - id: "key-20200918"
    value: "DThVLjhAKm3VYOvLBAwFZ5XbjVyF98Ias8NZU0WEM9w"
  - id: "key-20200808"
    value: "Lw7LDSaDUrbDdqpPA6JEmMF5BA5GPtd7sAjvsnh7uDA="

    Terraform

     resource "google_network_services_edge_cache_keyset" "default" {
  name        = "prod-vod-keyset"
  description = "Keyset for prod.example.com"
  public_key {
    id    = "key-20200918"
    value = "FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY" # Update Ed25519 public key
  }
  public_key {
    id    = "key-20200808"
    value = "Lw7LDSaDUrbDdqpPA6JEmMF5BA5GPtd7sAjvsnh7uDA=" # Update Ed25519 public key
  }
}

    Modify a keyset

    To modify a keyset, do the following:

    Console

    1. In the Google Cloud console, go to the Media CDN page.

      Go to Media CDN

    2. Click the Keysets tab.
    3. Click the keyset name.
    4. To switch to the edit mode, click the Edit button.
    5. Make the changes that you need, and then click Update keyset .

    gcloud

    Use the gcloud edge-cache keysets update command :

    gcloud edge-cache keysets update KEYSET_NAME
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: