Microsoft.Media mediaServices/contentKeyPolicies

Bicep resource definition

The mediaServices/contentKeyPolicies resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Media/mediaServices/contentKeyPolicies resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Media/mediaServices/contentKeyPolicies@2022-08-01' = {
  name: 'string'
  parent: resourceSymbolicName
  properties: {
    description: 'string'
    options: [
      {
        configuration: {
          '@odata.type': 'string'
          // For remaining properties, see ContentKeyPolicyConfiguration objects
        }
        name: 'string'
        restriction: {
          '@odata.type': 'string'
          // For remaining properties, see ContentKeyPolicyRestriction objects
        }
      }
    ]
  }
}

ContentKeyPolicyConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration'

For #Microsoft.Media.ContentKeyPolicyFairPlayConfiguration, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration'
  ask: any()
  fairPlayPfx: 'string'
  fairPlayPfxPassword: 'string'
  offlineRentalConfiguration: {
    playbackDurationSeconds: int
    storageDurationSeconds: int
  }
  rentalAndLeaseKeyType: 'string'
  rentalDuration: int

For #Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration'
  licenses: [
    {
      allowTestDevices: bool
      beginDate: 'string'
      contentKeyLocation: {
        '@odata.type': 'string'
        // For remaining properties, see ContentKeyPolicyPlayReadyContentKeyLocation objects
      }
      contentType: 'string'
      expirationDate: 'string'
      gracePeriod: 'string'
      licenseType: 'string'
      playRight: {
        agcAndColorStripeRestriction: int
        allowPassingVideoContentToUnknownOutput: 'string'
        analogVideoOpl: int
        compressedDigitalAudioOpl: int
        compressedDigitalVideoOpl: int
        digitalVideoOnlyContentRestriction: bool
        explicitAnalogTelevisionOutputRestriction: {
          bestEffort: bool
          configurationData: int
        }
        firstPlayExpiration: 'string'
        imageConstraintForAnalogComponentVideoRestriction: bool
        imageConstraintForAnalogComputerMonitorRestriction: bool
        scmsRestriction: int
        uncompressedDigitalAudioOpl: int
        uncompressedDigitalVideoOpl: int
      }
      relativeBeginDate: 'string'
      relativeExpirationDate: 'string'
      securityLevel: 'string'
    }
  ]
  responseCustomData: 'string'

For #Microsoft.Media.ContentKeyPolicyUnknownConfiguration, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyUnknownConfiguration'

For #Microsoft.Media.ContentKeyPolicyWidevineConfiguration, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyWidevineConfiguration'
  widevineTemplate: 'string'

ContentKeyPolicyPlayReadyContentKeyLocation objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader'

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier'
  keyId: 'string'

ContentKeyPolicyRestriction objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyOpenRestriction, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyOpenRestriction'

For #Microsoft.Media.ContentKeyPolicyTokenRestriction, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyTokenRestriction'
  alternateVerificationKeys: [
    {
      '@odata.type': 'string'
      // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
    }
  ]
  audience: 'string'
  issuer: 'string'
  openIdConnectDiscoveryDocument: 'string'
  primaryVerificationKey: {
    '@odata.type': 'string'
    // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
  }
  requiredClaims: [
    {
      claimType: 'string'
      claimValue: 'string'
    }
  ]
  restrictionTokenType: 'string'

For #Microsoft.Media.ContentKeyPolicyUnknownRestriction, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyUnknownRestriction'

ContentKeyPolicyRestrictionTokenKey objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyRsaTokenKey, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyRsaTokenKey'
  exponent: any()
  modulus: any()

For #Microsoft.Media.ContentKeyPolicySymmetricTokenKey, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicySymmetricTokenKey'
  keyValue: any()

For #Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey, use:

  '@odata.type': '#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey'
  rawBody: any()

Property values

mediaServices/contentKeyPolicies

Name Description Value
name The resource name

See how to set names and types for child resources in Bicep.
string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: mediaServices
properties The properties of the Content Key Policy. ContentKeyPolicyProperties

ContentKeyPolicyProperties

Name Description Value
description A description for the Policy. string
options The Key Policy options. ContentKeyPolicyOption[] (required)

ContentKeyPolicyOption

Name Description Value
configuration The key delivery configuration. ContentKeyPolicyConfiguration (required)
name The Policy Option description. string
restriction The requirements that must be met to deliver keys with this configuration ContentKeyPolicyRestriction (required)

ContentKeyPolicyConfiguration

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration
#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration
#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration
#Microsoft.Media.ContentKeyPolicyUnknownConfiguration
#Microsoft.Media.ContentKeyPolicyWidevineConfiguration (required)

ContentKeyPolicyClearKeyConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration' (required)

ContentKeyPolicyFairPlayConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration' (required)
ask The key that must be used as FairPlay Application Secret key. This needs to be base64 encoded. For Bicep, you can use the any() function.(required)
fairPlayPfx The Base64 representation of FairPlay certificate in PKCS 12 (pfx) format (including private key). string (required)
fairPlayPfxPassword The password encrypting FairPlay certificate in PKCS 12 (pfx) format. string (required)
offlineRentalConfiguration Offline rental policy ContentKeyPolicyFairPlayOfflineRentalConfiguration
rentalAndLeaseKeyType The rental and lease key type. 'DualExpiry'
'PersistentLimited'
'PersistentUnlimited'
'Undefined'
'Unknown' (required)
rentalDuration The rental duration. Must be greater than or equal to 0. int (required)

ContentKeyPolicyFairPlayOfflineRentalConfiguration

Name Description Value
playbackDurationSeconds Playback duration int (required)
storageDurationSeconds Storage duration int (required)

ContentKeyPolicyPlayReadyConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration' (required)
licenses The PlayReady licenses. ContentKeyPolicyPlayReadyLicense[] (required)
responseCustomData The custom response data. string

ContentKeyPolicyPlayReadyLicense

Name Description Value
allowTestDevices A flag indicating whether test devices can use the license. bool (required)
beginDate The begin date of license string
contentKeyLocation The content key location. ContentKeyPolicyPlayReadyContentKeyLocation (required)
contentType The PlayReady content type. 'UltraVioletDownload'
'UltraVioletStreaming'
'Unknown'
'Unspecified' (required)
expirationDate The expiration date of license. string
gracePeriod The grace period of license. string
licenseType The license type. 'NonPersistent'
'Persistent'
'Unknown' (required)
playRight The license PlayRight ContentKeyPolicyPlayReadyPlayRight
relativeBeginDate The relative begin date of license. string
relativeExpirationDate The relative expiration date of license. string
securityLevel The security level. 'SL150'
'SL2000'
'SL3000'
'Unknown'

ContentKeyPolicyPlayReadyContentKeyLocation

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader
#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromHea...

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader' (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromKey...

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier' (required)
keyId The content key ID. string (required)

ContentKeyPolicyPlayReadyPlayRight

Name Description Value
agcAndColorStripeRestriction Configures Automatic Gain Control (AGC) and Color Stripe in the license. Must be between 0 and 3 inclusive. int
allowPassingVideoContentToUnknownOutput Configures Unknown output handling settings of the license. 'Allowed'
'AllowedWithVideoConstriction'
'NotAllowed'
'Unknown' (required)
analogVideoOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalAudioOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalVideoOpl Specifies the output protection level for compressed digital video. int
digitalVideoOnlyContentRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
explicitAnalogTelevisionOutputRestriction Configures the Explicit Analog Television Output Restriction in the license. Configuration data must be between 0 and 3 inclusive. ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...
firstPlayExpiration The amount of time that the license is valid after the license is first used to play content. string
imageConstraintForAnalogComponentVideoRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
imageConstraintForAnalogComputerMonitorRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
scmsRestriction Configures the Serial Copy Management System (SCMS) in the license. Must be between 0 and 3 inclusive. int
uncompressedDigitalAudioOpl Specifies the output protection level for uncompressed digital audio. int
uncompressedDigitalVideoOpl Specifies the output protection level for uncompressed digital video. int

ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...

Name Description Value
bestEffort Indicates whether this restriction is enforced on a Best Effort basis. bool (required)
configurationData Configures the restriction control bits. Must be between 0 and 3 inclusive. int (required)

ContentKeyPolicyUnknownConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyUnknownConfiguration' (required)

ContentKeyPolicyWidevineConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyWidevineConfiguration' (required)
widevineTemplate The Widevine template. string (required)

ContentKeyPolicyRestriction

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyOpenRestriction
#Microsoft.Media.ContentKeyPolicyTokenRestriction
#Microsoft.Media.ContentKeyPolicyUnknownRestriction (required)

ContentKeyPolicyOpenRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyOpenRestriction' (required)

ContentKeyPolicyTokenRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyTokenRestriction' (required)
alternateVerificationKeys A list of alternative verification keys. ContentKeyPolicyRestrictionTokenKey[]
audience The audience for the token. string (required)
issuer The token issuer. string (required)
openIdConnectDiscoveryDocument The OpenID connect discovery document. string
primaryVerificationKey The primary verification key. ContentKeyPolicyRestrictionTokenKey (required)
requiredClaims A list of required token claims. ContentKeyPolicyTokenClaim[]
restrictionTokenType The type of token. 'Jwt'
'Swt'
'Unknown' (required)

ContentKeyPolicyRestrictionTokenKey

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyRsaTokenKey
#Microsoft.Media.ContentKeyPolicySymmetricTokenKey
#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey (required)

ContentKeyPolicyRsaTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyRsaTokenKey' (required)
exponent The RSA Parameter exponent For Bicep, you can use the any() function.(required)
modulus The RSA Parameter modulus For Bicep, you can use the any() function.(required)

ContentKeyPolicySymmetricTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicySymmetricTokenKey' (required)
keyValue The key value of the key For Bicep, you can use the any() function.(required)

ContentKeyPolicyX509CertificateTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey' (required)
rawBody The raw data field of a certificate in PKCS 12 format (X509Certificate2 in .NET) For Bicep, you can use the any() function.(required)

ContentKeyPolicyTokenClaim

Name Description Value
claimType Token claim type. string
claimValue Token claim value. string

ContentKeyPolicyUnknownRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyUnknownRestriction' (required)

ARM template resource definition

The mediaServices/contentKeyPolicies resource type can be deployed to:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Media/mediaServices/contentKeyPolicies resource, add the following JSON to your template.

{
  "type": "Microsoft.Media/mediaServices/contentKeyPolicies",
  "apiVersion": "2022-08-01",
  "name": "string",
  "properties": {
    "description": "string",
    "options": [
      {
        "configuration": {
          "@odata.type": "string"
          // For remaining properties, see ContentKeyPolicyConfiguration objects
        },
        "name": "string",
        "restriction": {
          "@odata.type": "string"
          // For remaining properties, see ContentKeyPolicyRestriction objects
        }
      }
    ]
  }
}

ContentKeyPolicyConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration"

For #Microsoft.Media.ContentKeyPolicyFairPlayConfiguration, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration",
  "ask": {},
  "fairPlayPfx": "string",
  "fairPlayPfxPassword": "string",
  "offlineRentalConfiguration": {
    "playbackDurationSeconds": "int",
    "storageDurationSeconds": "int"
  },
  "rentalAndLeaseKeyType": "string",
  "rentalDuration": "int"

For #Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration",
  "licenses": [
    {
      "allowTestDevices": "bool",
      "beginDate": "string",
      "contentKeyLocation": {
        "@odata.type": "string"
        // For remaining properties, see ContentKeyPolicyPlayReadyContentKeyLocation objects
      },
      "contentType": "string",
      "expirationDate": "string",
      "gracePeriod": "string",
      "licenseType": "string",
      "playRight": {
        "agcAndColorStripeRestriction": "int",
        "allowPassingVideoContentToUnknownOutput": "string",
        "analogVideoOpl": "int",
        "compressedDigitalAudioOpl": "int",
        "compressedDigitalVideoOpl": "int",
        "digitalVideoOnlyContentRestriction": "bool",
        "explicitAnalogTelevisionOutputRestriction": {
          "bestEffort": "bool",
          "configurationData": "int"
        },
        "firstPlayExpiration": "string",
        "imageConstraintForAnalogComponentVideoRestriction": "bool",
        "imageConstraintForAnalogComputerMonitorRestriction": "bool",
        "scmsRestriction": "int",
        "uncompressedDigitalAudioOpl": "int",
        "uncompressedDigitalVideoOpl": "int"
      },
      "relativeBeginDate": "string",
      "relativeExpirationDate": "string",
      "securityLevel": "string"
    }
  ],
  "responseCustomData": "string"

For #Microsoft.Media.ContentKeyPolicyUnknownConfiguration, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyUnknownConfiguration"

For #Microsoft.Media.ContentKeyPolicyWidevineConfiguration, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration",
  "widevineTemplate": "string"

ContentKeyPolicyPlayReadyContentKeyLocation objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader"

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier",
  "keyId": "string"

ContentKeyPolicyRestriction objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyOpenRestriction, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyOpenRestriction"

For #Microsoft.Media.ContentKeyPolicyTokenRestriction, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyTokenRestriction",
  "alternateVerificationKeys": [
    {
      "@odata.type": "string"
      // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
    }
  ],
  "audience": "string",
  "issuer": "string",
  "openIdConnectDiscoveryDocument": "string",
  "primaryVerificationKey": {
    "@odata.type": "string"
    // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
  },
  "requiredClaims": [
    {
      "claimType": "string",
      "claimValue": "string"
    }
  ],
  "restrictionTokenType": "string"

For #Microsoft.Media.ContentKeyPolicyUnknownRestriction, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyUnknownRestriction"

ContentKeyPolicyRestrictionTokenKey objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyRsaTokenKey, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyRsaTokenKey",
  "exponent": {},
  "modulus": {}

For #Microsoft.Media.ContentKeyPolicySymmetricTokenKey, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey",
  "keyValue": {}

For #Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey, use:

  "@odata.type": "#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey",
  "rawBody": {}

Property values

mediaServices/contentKeyPolicies

Name Description Value
type The resource type 'Microsoft.Media/mediaServices/contentKeyPolicies'
apiVersion The resource api version '2022-08-01'
name The resource name

See how to set names and types for child resources in JSON ARM templates.
string (required)
properties The properties of the Content Key Policy. ContentKeyPolicyProperties

ContentKeyPolicyProperties

Name Description Value
description A description for the Policy. string
options The Key Policy options. ContentKeyPolicyOption[] (required)

ContentKeyPolicyOption

Name Description Value
configuration The key delivery configuration. ContentKeyPolicyConfiguration (required)
name The Policy Option description. string
restriction The requirements that must be met to deliver keys with this configuration ContentKeyPolicyRestriction (required)

ContentKeyPolicyConfiguration

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration
#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration
#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration
#Microsoft.Media.ContentKeyPolicyUnknownConfiguration
#Microsoft.Media.ContentKeyPolicyWidevineConfiguration (required)

ContentKeyPolicyClearKeyConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration' (required)

ContentKeyPolicyFairPlayConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration' (required)
ask The key that must be used as FairPlay Application Secret key. This needs to be base64 encoded.
fairPlayPfx The Base64 representation of FairPlay certificate in PKCS 12 (pfx) format (including private key). string (required)
fairPlayPfxPassword The password encrypting FairPlay certificate in PKCS 12 (pfx) format. string (required)
offlineRentalConfiguration Offline rental policy ContentKeyPolicyFairPlayOfflineRentalConfiguration
rentalAndLeaseKeyType The rental and lease key type. 'DualExpiry'
'PersistentLimited'
'PersistentUnlimited'
'Undefined'
'Unknown' (required)
rentalDuration The rental duration. Must be greater than or equal to 0. int (required)

ContentKeyPolicyFairPlayOfflineRentalConfiguration

Name Description Value
playbackDurationSeconds Playback duration int (required)
storageDurationSeconds Storage duration int (required)

ContentKeyPolicyPlayReadyConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration' (required)
licenses The PlayReady licenses. ContentKeyPolicyPlayReadyLicense[] (required)
responseCustomData The custom response data. string

ContentKeyPolicyPlayReadyLicense

Name Description Value
allowTestDevices A flag indicating whether test devices can use the license. bool (required)
beginDate The begin date of license string
contentKeyLocation The content key location. ContentKeyPolicyPlayReadyContentKeyLocation (required)
contentType The PlayReady content type. 'UltraVioletDownload'
'UltraVioletStreaming'
'Unknown'
'Unspecified' (required)
expirationDate The expiration date of license. string
gracePeriod The grace period of license. string
licenseType The license type. 'NonPersistent'
'Persistent'
'Unknown' (required)
playRight The license PlayRight ContentKeyPolicyPlayReadyPlayRight
relativeBeginDate The relative begin date of license. string
relativeExpirationDate The relative expiration date of license. string
securityLevel The security level. 'SL150'
'SL2000'
'SL3000'
'Unknown'

ContentKeyPolicyPlayReadyContentKeyLocation

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader
#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromHea...

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader' (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromKey...

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier' (required)
keyId The content key ID. string (required)

ContentKeyPolicyPlayReadyPlayRight

Name Description Value
agcAndColorStripeRestriction Configures Automatic Gain Control (AGC) and Color Stripe in the license. Must be between 0 and 3 inclusive. int
allowPassingVideoContentToUnknownOutput Configures Unknown output handling settings of the license. 'Allowed'
'AllowedWithVideoConstriction'
'NotAllowed'
'Unknown' (required)
analogVideoOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalAudioOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalVideoOpl Specifies the output protection level for compressed digital video. int
digitalVideoOnlyContentRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
explicitAnalogTelevisionOutputRestriction Configures the Explicit Analog Television Output Restriction in the license. Configuration data must be between 0 and 3 inclusive. ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...
firstPlayExpiration The amount of time that the license is valid after the license is first used to play content. string
imageConstraintForAnalogComponentVideoRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
imageConstraintForAnalogComputerMonitorRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
scmsRestriction Configures the Serial Copy Management System (SCMS) in the license. Must be between 0 and 3 inclusive. int
uncompressedDigitalAudioOpl Specifies the output protection level for uncompressed digital audio. int
uncompressedDigitalVideoOpl Specifies the output protection level for uncompressed digital video. int

ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...

Name Description Value
bestEffort Indicates whether this restriction is enforced on a Best Effort basis. bool (required)
configurationData Configures the restriction control bits. Must be between 0 and 3 inclusive. int (required)

ContentKeyPolicyUnknownConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyUnknownConfiguration' (required)

ContentKeyPolicyWidevineConfiguration

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyWidevineConfiguration' (required)
widevineTemplate The Widevine template. string (required)

ContentKeyPolicyRestriction

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyOpenRestriction
#Microsoft.Media.ContentKeyPolicyTokenRestriction
#Microsoft.Media.ContentKeyPolicyUnknownRestriction (required)

ContentKeyPolicyOpenRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyOpenRestriction' (required)

ContentKeyPolicyTokenRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyTokenRestriction' (required)
alternateVerificationKeys A list of alternative verification keys. ContentKeyPolicyRestrictionTokenKey[]
audience The audience for the token. string (required)
issuer The token issuer. string (required)
openIdConnectDiscoveryDocument The OpenID connect discovery document. string
primaryVerificationKey The primary verification key. ContentKeyPolicyRestrictionTokenKey (required)
requiredClaims A list of required token claims. ContentKeyPolicyTokenClaim[]
restrictionTokenType The type of token. 'Jwt'
'Swt'
'Unknown' (required)

ContentKeyPolicyRestrictionTokenKey

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyRsaTokenKey
#Microsoft.Media.ContentKeyPolicySymmetricTokenKey
#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey (required)

ContentKeyPolicyRsaTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyRsaTokenKey' (required)
exponent The RSA Parameter exponent
modulus The RSA Parameter modulus

ContentKeyPolicySymmetricTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicySymmetricTokenKey' (required)
keyValue The key value of the key

ContentKeyPolicyX509CertificateTokenKey

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey' (required)
rawBody The raw data field of a certificate in PKCS 12 format (X509Certificate2 in .NET)

ContentKeyPolicyTokenClaim

Name Description Value
claimType Token claim type. string
claimValue Token claim value. string

ContentKeyPolicyUnknownRestriction

Name Description Value
@odata.type The discriminator for derived types. '#Microsoft.Media.ContentKeyPolicyUnknownRestriction' (required)

Terraform (AzAPI provider) resource definition

The mediaServices/contentKeyPolicies resource type can be deployed to:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Media/mediaServices/contentKeyPolicies resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Media/mediaServices/contentKeyPolicies@2022-08-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      description = "string"
      options = [
        {
          configuration = {
            @odata.type = "string"
            // For remaining properties, see ContentKeyPolicyConfiguration objects
          }
          name = "string"
          restriction = {
            @odata.type = "string"
            // For remaining properties, see ContentKeyPolicyRestriction objects
          }
        }
      ]
    }
  })
}

ContentKeyPolicyConfiguration objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration"

For #Microsoft.Media.ContentKeyPolicyFairPlayConfiguration, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration"
  fairPlayPfx = "string"
  fairPlayPfxPassword = "string"
  offlineRentalConfiguration = {
    playbackDurationSeconds = int
    storageDurationSeconds = int
  }
  rentalAndLeaseKeyType = "string"
  rentalDuration = int

For #Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration"
  licenses = [
    {
      allowTestDevices = bool
      beginDate = "string"
      contentKeyLocation = {
        @odata.type = "string"
        // For remaining properties, see ContentKeyPolicyPlayReadyContentKeyLocation objects
      }
      contentType = "string"
      expirationDate = "string"
      gracePeriod = "string"
      licenseType = "string"
      playRight = {
        agcAndColorStripeRestriction = int
        allowPassingVideoContentToUnknownOutput = "string"
        analogVideoOpl = int
        compressedDigitalAudioOpl = int
        compressedDigitalVideoOpl = int
        digitalVideoOnlyContentRestriction = bool
        explicitAnalogTelevisionOutputRestriction = {
          bestEffort = bool
          configurationData = int
        }
        firstPlayExpiration = "string"
        imageConstraintForAnalogComponentVideoRestriction = bool
        imageConstraintForAnalogComputerMonitorRestriction = bool
        scmsRestriction = int
        uncompressedDigitalAudioOpl = int
        uncompressedDigitalVideoOpl = int
      }
      relativeBeginDate = "string"
      relativeExpirationDate = "string"
      securityLevel = "string"
    }
  ]
  responseCustomData = "string"

For #Microsoft.Media.ContentKeyPolicyUnknownConfiguration, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyUnknownConfiguration"

For #Microsoft.Media.ContentKeyPolicyWidevineConfiguration, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration"
  widevineTemplate = "string"

ContentKeyPolicyPlayReadyContentKeyLocation objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader"

For #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier"
  keyId = "string"

ContentKeyPolicyRestriction objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyOpenRestriction, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyOpenRestriction"

For #Microsoft.Media.ContentKeyPolicyTokenRestriction, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyTokenRestriction"
  alternateVerificationKeys = [
    {
      @odata.type = "string"
      // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
    }
  ]
  audience = "string"
  issuer = "string"
  openIdConnectDiscoveryDocument = "string"
  primaryVerificationKey = {
    @odata.type = "string"
    // For remaining properties, see ContentKeyPolicyRestrictionTokenKey objects
  }
  requiredClaims = [
    {
      claimType = "string"
      claimValue = "string"
    }
  ]
  restrictionTokenType = "string"

For #Microsoft.Media.ContentKeyPolicyUnknownRestriction, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyUnknownRestriction"

ContentKeyPolicyRestrictionTokenKey objects

Set the @odata.type property to specify the type of object.

For #Microsoft.Media.ContentKeyPolicyRsaTokenKey, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyRsaTokenKey"

For #Microsoft.Media.ContentKeyPolicySymmetricTokenKey, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey"

For #Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey, use:

  @odata.type = "#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey"

Property values

mediaServices/contentKeyPolicies

Name Description Value
type The resource type "Microsoft.Media/mediaServices/contentKeyPolicies@2022-08-01"
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: mediaServices
properties The properties of the Content Key Policy. ContentKeyPolicyProperties

ContentKeyPolicyProperties

Name Description Value
description A description for the Policy. string
options The Key Policy options. ContentKeyPolicyOption[] (required)

ContentKeyPolicyOption

Name Description Value
configuration The key delivery configuration. ContentKeyPolicyConfiguration (required)
name The Policy Option description. string
restriction The requirements that must be met to deliver keys with this configuration ContentKeyPolicyRestriction (required)

ContentKeyPolicyConfiguration

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyClearKeyConfiguration
#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration
#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration
#Microsoft.Media.ContentKeyPolicyUnknownConfiguration
#Microsoft.Media.ContentKeyPolicyWidevineConfiguration (required)

ContentKeyPolicyClearKeyConfiguration

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyClearKeyConfiguration" (required)

ContentKeyPolicyFairPlayConfiguration

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyFairPlayConfiguration" (required)
ask The key that must be used as FairPlay Application Secret key. This needs to be base64 encoded.
fairPlayPfx The Base64 representation of FairPlay certificate in PKCS 12 (pfx) format (including private key). string (required)
fairPlayPfxPassword The password encrypting FairPlay certificate in PKCS 12 (pfx) format. string (required)
offlineRentalConfiguration Offline rental policy ContentKeyPolicyFairPlayOfflineRentalConfiguration
rentalAndLeaseKeyType The rental and lease key type. "DualExpiry"
"PersistentLimited"
"PersistentUnlimited"
"Undefined"
"Unknown" (required)
rentalDuration The rental duration. Must be greater than or equal to 0. int (required)

ContentKeyPolicyFairPlayOfflineRentalConfiguration

Name Description Value
playbackDurationSeconds Playback duration int (required)
storageDurationSeconds Storage duration int (required)

ContentKeyPolicyPlayReadyConfiguration

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyPlayReadyConfiguration" (required)
licenses The PlayReady licenses. ContentKeyPolicyPlayReadyLicense[] (required)
responseCustomData The custom response data. string

ContentKeyPolicyPlayReadyLicense

Name Description Value
allowTestDevices A flag indicating whether test devices can use the license. bool (required)
beginDate The begin date of license string
contentKeyLocation The content key location. ContentKeyPolicyPlayReadyContentKeyLocation (required)
contentType The PlayReady content type. "UltraVioletDownload"
"UltraVioletStreaming"
"Unknown"
"Unspecified" (required)
expirationDate The expiration date of license. string
gracePeriod The grace period of license. string
licenseType The license type. "NonPersistent"
"Persistent"
"Unknown" (required)
playRight The license PlayRight ContentKeyPolicyPlayReadyPlayRight
relativeBeginDate The relative begin date of license. string
relativeExpirationDate The relative expiration date of license. string
securityLevel The security level. "SL150"
"SL2000"
"SL3000"
"Unknown"

ContentKeyPolicyPlayReadyContentKeyLocation

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader
#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromHea...

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromHeader" (required)

ContentKeyPolicyPlayReadyContentEncryptionKeyFromKey...

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyPlayReadyContentEncryptionKeyFromKeyIdentifier" (required)
keyId The content key ID. string (required)

ContentKeyPolicyPlayReadyPlayRight

Name Description Value
agcAndColorStripeRestriction Configures Automatic Gain Control (AGC) and Color Stripe in the license. Must be between 0 and 3 inclusive. int
allowPassingVideoContentToUnknownOutput Configures Unknown output handling settings of the license. "Allowed"
"AllowedWithVideoConstriction"
"NotAllowed"
"Unknown" (required)
analogVideoOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalAudioOpl Specifies the output protection level for compressed digital audio. int
compressedDigitalVideoOpl Specifies the output protection level for compressed digital video. int
digitalVideoOnlyContentRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
explicitAnalogTelevisionOutputRestriction Configures the Explicit Analog Television Output Restriction in the license. Configuration data must be between 0 and 3 inclusive. ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...
firstPlayExpiration The amount of time that the license is valid after the license is first used to play content. string
imageConstraintForAnalogComponentVideoRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
imageConstraintForAnalogComputerMonitorRestriction Enables the Image Constraint For Analog Component Video Restriction in the license. bool (required)
scmsRestriction Configures the Serial Copy Management System (SCMS) in the license. Must be between 0 and 3 inclusive. int
uncompressedDigitalAudioOpl Specifies the output protection level for uncompressed digital audio. int
uncompressedDigitalVideoOpl Specifies the output protection level for uncompressed digital video. int

ContentKeyPolicyPlayReadyExplicitAnalogTelevisionRes...

Name Description Value
bestEffort Indicates whether this restriction is enforced on a Best Effort basis. bool (required)
configurationData Configures the restriction control bits. Must be between 0 and 3 inclusive. int (required)

ContentKeyPolicyUnknownConfiguration

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyUnknownConfiguration" (required)

ContentKeyPolicyWidevineConfiguration

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyWidevineConfiguration" (required)
widevineTemplate The Widevine template. string (required)

ContentKeyPolicyRestriction

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyOpenRestriction
#Microsoft.Media.ContentKeyPolicyTokenRestriction
#Microsoft.Media.ContentKeyPolicyUnknownRestriction (required)

ContentKeyPolicyOpenRestriction

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyOpenRestriction" (required)

ContentKeyPolicyTokenRestriction

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyTokenRestriction" (required)
alternateVerificationKeys A list of alternative verification keys. ContentKeyPolicyRestrictionTokenKey[]
audience The audience for the token. string (required)
issuer The token issuer. string (required)
openIdConnectDiscoveryDocument The OpenID connect discovery document. string
primaryVerificationKey The primary verification key. ContentKeyPolicyRestrictionTokenKey (required)
requiredClaims A list of required token claims. ContentKeyPolicyTokenClaim[]
restrictionTokenType The type of token. "Jwt"
"Swt"
"Unknown" (required)

ContentKeyPolicyRestrictionTokenKey

Name Description Value
@odata.type Set the object type #Microsoft.Media.ContentKeyPolicyRsaTokenKey
#Microsoft.Media.ContentKeyPolicySymmetricTokenKey
#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey (required)

ContentKeyPolicyRsaTokenKey

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyRsaTokenKey" (required)
exponent The RSA Parameter exponent
modulus The RSA Parameter modulus

ContentKeyPolicySymmetricTokenKey

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicySymmetricTokenKey" (required)
keyValue The key value of the key

ContentKeyPolicyX509CertificateTokenKey

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyX509CertificateTokenKey" (required)
rawBody The raw data field of a certificate in PKCS 12 format (X509Certificate2 in .NET)

ContentKeyPolicyTokenClaim

Name Description Value
claimType Token claim type. string
claimValue Token claim value. string

ContentKeyPolicyUnknownRestriction

Name Description Value
@odata.type The discriminator for derived types. "#Microsoft.Media.ContentKeyPolicyUnknownRestriction" (required)