Encrypted Recordings
Twilio Editions feature
Video Recording Encryption is available to Twilio Enterprise Edition and Twilio Security Edition customers. Learn more about Editions.
The Twilio Recording Settings REST API lets you configure Twilio to store your recordings encrypted. Recording Settings work per-account (i.e. project). If you activate encryption, all Video Recordings in your account (or project) will get encrypted.
This document contains reference information about the Recording Settings REST API for encryption. For a step-by-step guide you can also read the Encrypting your Stored Media developer guide
These are the URI schemes for the Recording Settings REST API and the supported methods:
/v1/RecordingSettings/DefaultGET: Retrieves current Recording Settings.POST: Updates the Recording Settings.
The Default RecordingSettings resource holds the default recording settings
for the given Twilio account (or project). Its configuration will be applied to
all Recordings created in such account (or project).
The Recording Settings default resource is located at the following Base URL:
1https://video.twilio.com/v1/RecordingSettings/Default2
A RecordingSettings resource has the following properties:
The SID of the Account that created the RecordingSettings resource.
^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34The string that you assigned to describe the resource and show the user in the console
The SID of the stored Credential resource.
^CR[0-9a-fA-F]{32}$Min length: 34Max length: 34The URL of the AWS S3 bucket where the recordings are stored. We only support DNS-compliant URLs like https://documentation-example-twilio-bucket/recordings, where recordings is the path in which you want the recordings to be stored. This URL accepts only URI-valid characters, as described in the RFC 3986.
Whether all recordings are written to the aws_s3_url. When false, all recordings are stored in our cloud.
The SID of the Public Key resource used for encryption.
^CR[0-9a-fA-F]{32}$Min length: 34Max length: 34Whether all recordings are stored in an encrypted form. The default is false.
The absolute URL of the resource.
In the table above, the following properties are reserved for the feature called External S3 Storage:
aws_credentials_sidaws_s3_urlaws_storage_enabled
Retrieves your account's default Recording Settings.
For example:
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function fetchRecordingSettings() {11const recordingSetting = await client.video.recordingSettings().fetch();1213console.log(recordingSetting.accountSid);14}1516fetchRecordingSettings();
Response
1{2"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",3"friendly_name": "string",4"aws_credentials_sid": "CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",5"encryption_key_sid": "CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",6"aws_s3_url": "https://my-super-duper-bucket.s3.amazonaws.com/my/path/",7"aws_storage_enabled": true,8"encryption_enabled": true,9"url": "https://video.twilio.com/v1/RecordingSettings/Default"10}
Sets your account's default Recording Settings. POST requests support the
following parameters:
application/x-www-form-urlencodedA descriptive string that you create to describe the resource and be shown to users in the console
The SID of the stored Credential resource.
^CR[0-9a-fA-F]{32}$Min length: 34Max length: 34The SID of the Public Key resource to use for encryption.
^CR[0-9a-fA-F]{32}$Min length: 34Max length: 34The URL of the AWS S3 bucket where the recordings should be stored. We only support DNS-compliant URLs like https://documentation-example-twilio-bucket/recordings, where recordings is the path in which you want the recordings to be stored. This URL accepts only URI-valid characters, as described in the RFC 3986.
Whether all recordings should be written to the aws_s3_url. When false, all recordings are stored in our cloud.
Whether all recordings should be stored in an encrypted form. The default is false.
In the table above, the following parameters are reserved for the feature called External S3 Storage:
AwsCredentialsSidAwsS3UrlAwsStorageEnabled
The following code snippets illustrate how you can set Encryption in your Recordings settings:
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function createRecordingSettings() {11const recordingSetting = await client.video.recordingSettings().create({12encryptionEnabled: true,13encryptionKeySid: "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",14friendlyName: "Upload encrypted",15});1617console.log(recordingSetting.accountSid);18}1920createRecordingSettings();
Response
1{2"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",3"friendly_name": "Upload encrypted",4"aws_credentials_sid": "CRaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",5"encryption_key_sid": "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",6"aws_s3_url": "https://my-super-duper-bucket.s3.amazonaws.com/my/path/",7"aws_storage_enabled": true,8"encryption_enabled": true,9"url": "https://video.twilio.com/v1/RecordingSettings/Default"10}
- If you activate Encryption in your account, you will not be able to use Compositions in such account given that Compositions require the source recordings to be stored unencrypted.