The mediaServices/contentKeyPolicies resource type can be deployed to:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Media/mediaServices/contentKeyPolicies resource, add the following JSON to your template.
{
"type": "Microsoft.Media/mediaServices/contentKeyPolicies",
"apiVersion": "2022-08-01",
"name": "string",
"properties": {
"description": "string",
"options": [
{
"configuration": {
"@odata.type": "string"
// For remaining properties, see ContentKeyPolicyConfiguration objects
},
"name": "string",
"restriction": {
"@odata.type": "string"
// For remaining properties, see ContentKeyPolicyRestriction objects
}
}
]
}
}
Set the @odata.type property to specify the type of object.
For #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration"
For #Microsoft.Media.ContentKeyPolicyFairPlayConfiguration, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration",
"ask": {},
"fairPlayPfx": "string",
"fairPlayPfxPassword": "string",
"offlineRentalConfiguration": {
"playbackDurationSeconds": "int",
"storageDurationSeconds": "int"
},
"rentalAndLeaseKeyType": "string",
"rentalDuration": "int"
For #Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration",
"licenses": [
{
"allowTestDevices": "bool",
"beginDate": "string",
"contentKeyLocation": {
"@odata.type": "string"
// For remaining properties, see ContentKeyPolicyPlayReadyContentKeyLocation objects
},
"contentType": "string",
"expirationDate": "string",
"gracePeriod": "string",
"licenseType": "string",
"playRight": {
"agcAndColorStripeRestriction": "int",
"allowPassingVideoContentToUnknownOutput": "string",
"analogVideoOpl": "int",
"compressedDigitalAudioOpl": "int",
"compressedDigitalVideoOpl": "int",
"digitalVideoOnlyContentRestriction": "bool",
"explicitAnalogTelevisionOutputRestriction": {
"bestEffort": "bool",
"configurationData": "int"
},
"firstPlayExpiration": "string",
"imageConstraintForAnalogComponentVideoRestriction": "bool",
"imageConstraintForAnalogComputerMonitorRestriction": "bool",
"scmsRestriction": "int",
"uncompressedDigitalAudioOpl": "int",
"uncompressedDigitalVideoOpl": "int"
},
"relativeBeginDate": "string",
"relativeExpirationDate": "string",
"securityLevel": "string"
}
],
"responseCustomData": "string"
For #Microsoft.Media.ContentKeyPolicyUnknownConfiguration, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyUnknownConfiguration"
For #Microsoft.Media.ContentKeyPolicyWidevineConfiguration, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration",
"widevineTemplate": "string"
Set the @odata.type property to specify the type of object.
For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader"
For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier",
"keyId": "string"
Set the @odata.type property to specify the type of object.
For #Microsoft.Media.ContentKeyPolicyOpenRestriction, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyOpenRestriction"
For #Microsoft.Media.ContentKeyPolicyTokenRestriction, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyTokenRestriction",
"alternateVerificationKeys": [
{
"@odata.type": "string"
// For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
}
],
"audience": "string",
"issuer": "string",
"openIdConnectDiscoveryDocument": "string",
"primaryVerificationKey": {
"@odata.type": "string"
// For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
},
"requiredClaims": [
{
"claimType": "string",
"claimValue": "string"
}
],
"restrictionTokenType": "string"
For #Microsoft.Media.ContentKeyPolicyUnknownRestriction, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyUnknownRestriction"
Set the @odata.type property to specify the type of object.
For #Microsoft.Media.ContentKeyPolicyRsaTokenKey, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyRsaTokenKey",
"exponent": {},
"modulus": {}
For #Microsoft.Media.ContentKeyPolicySymmetricTokenKey, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey",
"keyValue": {}
For #Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey, use:
"@odata.type": "#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey",
"rawBody": {}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Media/mediaServices/contentKeyPolicies' |
apiVersion | The resource api version | '2022-08-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) |
properties | The properties of the Content Key Policy. | ContentKeyPolicyProperties |
Name | Description | Value |
---|---|---|
description | A description for the Policy. | string |
options | The Key Policy options. | ContentKeyPolicyOption[] (required) |
Name | Description | Value |
---|---|---|
configuration | The key delivery configuration. | ContentKeyPolicyConfiguration (required) |
name | The Policy Option description. | string |
restriction | The requirements that must be met to deliver keys with this configuration | ContentKeyPolicyRestriction (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration' (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration' (required) |
ask | The key that must be used as FairPlay Application Secret key. This needs to be base64 encoded. | |
fairPlayPfx | The Base64 representation of FairPlay certificate in PKCS 12 (pfx) format (including private key). | string (required) |
fairPlayPfxPassword | The password encrypting FairPlay certificate in PKCS 12 (pfx) format. | string (required) |
offlineRentalConfiguration | Offline rental policy | ContentKeyPolicyFairPlayOfflineRentalConfiguration |
rentalAndLeaseKeyType | The rental and lease key type. | 'DualExpiry' 'PersistentLimited' 'PersistentUnlimited' 'Undefined' 'Unknown' (required) |
rentalDuration | The rental duration. Must be greater than or equal to 0. | int (required) |
Name | Description | Value |
---|---|---|
playbackDurationSeconds | Playback duration | int (required) |
storageDurationSeconds | Storage duration | int (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration' (required) |
licenses | The PlayReady licenses. | ContentKeyPolicyPlayReadyLicense[] (required) |
responseCustomData | The custom response data. | string |
Name | Description | Value |
---|---|---|
allowTestDevices | A flag indicating whether test devices can use the license. | bool (required) |
beginDate | The begin date of license | string |
contentKeyLocation | The content key location. | ContentKeyPolicyPlayReadyContentKeyLocation (required) |
contentType | The PlayReady content type. | 'UltraVioletDownload' 'UltraVioletStreaming' 'Unknown' 'Unspecified' (required) |
expirationDate | The expiration date of license. | string |
gracePeriod | The grace period of license. | string |
licenseType | The license type. | 'NonPersistent' 'Persistent' 'Unknown' (required) |
playRight | The license PlayRight | ContentKeyPolicyPlayReadyPlayRight |
relativeBeginDate | The relative begin date of license. | string |
relativeExpirationDate | The relative expiration date of license. | string |
securityLevel | The security level. | 'SL150' 'SL2000' 'SL3000' 'Unknown' |
Name | Description | Value |
---|---|---|
@odata.type | Set the object type | #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader' (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier' (required) |
keyId | The content key ID. | string (required) |
Name | Description | Value |
---|---|---|
agcAndColorStripeRestriction | Configures Automatic Gain Control (AGC) and Color Stripe in the license. Must be between 0 and 3 inclusive. | int |
allowPassingVideoContentToUnknownOutput | Configures Unknown output handling settings of the license. | 'Allowed' 'AllowedWithVideoConstriction' 'NotAllowed' 'Unknown' (required) |
analogVideoOpl | Specifies the output protection level for compressed digital audio. | int |
compressedDigitalAudioOpl | Specifies the output protection level for compressed digital audio. | int |
compressedDigitalVideoOpl | Specifies the output protection level for compressed digital video. | int |
digitalVideoOnlyContentRestriction | Enables the Image Constraint For Analog Component Video Restriction in the license. | bool (required) |
explicitAnalogTelevisionOutputRestriction | Configures the Explicit Analog Television Output Restriction in the license. Configuration data must be between 0 and 3 inclusive. | ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes... |
firstPlayExpiration | The amount of time that the license is valid after the license is first used to play content. | string |
imageConstraintForAnalogComponentVideoRestriction | Enables the Image Constraint For Analog Component Video Restriction in the license. | bool (required) |
imageConstraintForAnalogComputerMonitorRestriction | Enables the Image Constraint For Analog Component Video Restriction in the license. | bool (required) |
scmsRestriction | Configures the Serial Copy Management System (SCMS) in the license. Must be between 0 and 3 inclusive. | int |
uncompressedDigitalAudioOpl | Specifies the output protection level for uncompressed digital audio. | int |
uncompressedDigitalVideoOpl | Specifies the output protection level for uncompressed digital video. | int |
Name | Description | Value |
---|---|---|
bestEffort | Indicates whether this restriction is enforced on a Best Effort basis. | bool (required) |
configurationData | Configures the restriction control bits. Must be between 0 and 3 inclusive. | int (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyUnknownConfiguration' (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyWidevineConfiguration' (required) |
widevineTemplate | The Widevine template. | string (required) |
Name | Description | Value |
---|---|---|
@odata.type | Set the object type | #Microsoft.Media.ContentKeyPolicyOpenRestriction #Microsoft.Media.ContentKeyPolicyTokenRestriction #Microsoft.Media.ContentKeyPolicyUnknownRestriction (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyOpenRestriction' (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyTokenRestriction' (required) |
alternateVerificationKeys | A list of alternative verification keys. | ContentKeyPolicyRestrictionTokenKey[] |
audience | The audience for the token. | string (required) |
issuer | The token issuer. | string (required) |
openIdConnectDiscoveryDocument | The OpenID connect discovery document. | string |
primaryVerificationKey | The primary verification key. | ContentKeyPolicyRestrictionTokenKey (required) |
requiredClaims | A list of required token claims. | ContentKeyPolicyTokenClaim[] |
restrictionTokenType | The type of token. | 'Jwt' 'Swt' 'Unknown' (required) |
Name | Description | Value |
---|---|---|
@odata.type | Set the object type | #Microsoft.Media.ContentKeyPolicyRsaTokenKey #Microsoft.Media.ContentKeyPolicySymmetricTokenKey #Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey (required) |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyRsaTokenKey' (required) |
exponent | The RSA Parameter exponent | |
modulus | The RSA Parameter modulus |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicySymmetricTokenKey' (required) |
keyValue | The key value of the key |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey' (required) |
rawBody | The raw data field of a certificate in PKCS 12 format (X509Certificate2 in .NET) |
Name | Description | Value |
---|---|---|
claimType | Token claim type. | string |
claimValue | Token claim value. | string |
Name | Description | Value |
---|---|---|
@odata.type | The discriminator for derived types. | '#Microsoft.Media.ContentKeyPolicyUnknownRestriction' (required) |