Skip to content

StreamSigningKey

Source: src/Cloudflare/Stream/SigningKey.ts

A Cloudflare Stream signing key — an RSA key pair used to sign viewer playback tokens for videos that require signed URLs.

The key material (pem/jwk) is returned by Cloudflare only at creation time; it is persisted as redacted attributes in state and can never be re-read from the API. If the key is deleted out-of-band, reconcile creates a brand-new key with new material — anything derived from the old key (signed tokens) must be re-derived from the new attributes.

Requires the Stream subscription to be enabled on the account.

Creating a signing key

Section titled “Creating a signing key”
const key = yield* Cloudflare.StreamSigningKey("PlaybackKey", {});


// key.pem / key.jwk are Redacted<string> — use them server-side to
// sign playback tokens for videos with requireSignedURLs enabled.
const pem = key.pem;