Speaker identification secrets
Prepare and manage Speaker Identification secrets for Speechmatics deployments
Speaker identification requires the Batch or Realtime Transcriber to access one or more cryptographically strong secrets. These secrets are used to generate and validate speaker identifiers. This page explains how to prepare these secret files and mount them into the Transcriber Container in both Batch and Realtime deployments.
Preparing the secret directory
Speaker ID secrets must be stored in a dedicated directory on the host machine. Each secret is contained in a separate file whose name follows the pattern: <secret_dir>/s.<integer>. For example:
/speaker_id_secrets/s.1
/speaker_id_secrets/s.2
Secret files may contain either binary data or plain text (for example, Base64-encoded values). The Transcriber will read all files matching the s.<integer> pattern in the directory.
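As a minimal sketch of the layout described above, the following script creates a secret directory and writes a first secret file named s.1. The SECRET_DIR variable, the ./speaker_id_secrets default path, the 32-byte length, and the choice of Base64 text are assumptions made for illustration; this page does not specify a required length or encoding.

```shell
#!/bin/sh
set -eu

# Hypothetical helper variable for this sketch (not a Speechmatics setting).
SECRET_DIR="${SECRET_DIR:-./speaker_id_secrets}"
mkdir -p "$SECRET_DIR"

if [ -e "$SECRET_DIR/s.1" ]; then
  # Never overwrite an existing secret: identifiers created with it would stop validating.
  echo "$SECRET_DIR/s.1 already exists; leaving it untouched" >&2
else
  # Assumption: 32 random bytes from the kernel CSPRNG, stored as Base64 text.
  head -c 32 /dev/urandom | base64 > "$SECRET_DIR/s.1"
fi

ls "$SECRET_DIR"
```

The file must remain readable by the user the Transcriber runs as inside the Container, so check ownership and permissions before tightening them.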
Multiple secret files allow operators to rotate secrets without disrupting active workloads. When more than one secret is present, the Transcriber continues to accept identifiers encrypted with older secrets while using the most recent secret to generate new identifiers. The most recent secret is the one in the highest-numbered secret file. For example, if both s.1 and s.2 are present, s.2 is used for new identifiers and identifiers encrypted with s.1 are still accepted. Most on-prem deployments need only a single secret file unless their environment requires secret rotation.
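One way to rotate, sketched here under assumptions, is to add a new file numbered one higher than the current highest and keep the older files in place. SECRET_DIR, its default path, and the 32-byte Base64 secret are illustrative choices, not values taken from this page. Because secrets are loaded when the Transcriber starts, a new file is likely to take effect only after a restart.

```shell
#!/bin/sh
set -eu

# Hypothetical helper variable for this sketch (not a Speechmatics setting).
SECRET_DIR="${SECRET_DIR:-./speaker_id_secrets}"
mkdir -p "$SECRET_DIR"

# Find the highest integer suffix among existing s.<integer> files.
highest=0
for f in "$SECRET_DIR"/s.*; do
  [ -e "$f" ] || continue
  n="${f##*/s.}"
  case "$n" in
    # Skip empty, non-numeric, or zero-padded suffixes.
    ''|*[!0-9]*|0[0-9]*) continue ;;
  esac
  if [ "$n" -gt "$highest" ]; then
    highest="$n"
  fi
done

# Write the new secret under the next number; older files stay so that
# identifiers tied to them are still accepted.
next=$((highest + 1))
head -c 32 /dev/urandom | base64 > "$SECRET_DIR/s.$next"
echo "created $SECRET_DIR/s.$next"
```

Older secret files should be removed only once identifiers that depend on them are no longer needed.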
Mounting the secret directory
The secret directory must be mounted into the Transcriber Container as a read-only volume. The location inside the Container must then be provided to the Transcriber using the SM_SPEAKER_ID_SECRETS_DIR environment variable.
Below is an example for Docker:
docker run --rm -i \
  -v <path/to/dir/in/host/containing/speaker_id_secrets_dir>:/speaker_id_secrets:ro \
  -e SM_SPEAKER_ID_SECRETS_DIR=/speaker_id_secrets -e LICENSE_TOKEN=$TOKEN_VALUE \
  $IMAGE_NAME
The Transcriber will automatically load all secret files in the specified directory when it starts.
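Since secrets are read at startup, it can help to check the host directory before launching the Container. The function below is a hypothetical pre-flight check, not part of the Speechmatics tooling: it only confirms that the directory holds at least one readable, non-empty file matching s.<integer>. How the Transcriber itself reacts to a missing or empty directory is not covered on this page.

```shell
#!/bin/sh

# check_secrets DIR
# Returns 0 if DIR contains at least one readable, non-empty s.<integer> file.
# Hypothetical helper for illustration only.
check_secrets() {
  dir="$1"
  if [ ! -d "$dir" ]; then
    echo "missing directory: $dir" >&2
    return 1
  fi
  count=0
  for f in "$dir"/s.*; do
    [ -f "$f" ] || continue
    case "${f##*/s.}" in
      # Ignore files whose suffix is empty or not purely numeric.
      ''|*[!0-9]*) continue ;;
    esac
    if [ -r "$f" ] && [ -s "$f" ]; then
      count=$((count + 1))
    else
      echo "unreadable or empty secret file: $f" >&2
      return 1
    fi
  done
  if [ "$count" -eq 0 ]; then
    echo "no s.<integer> files in $dir" >&2
    return 1
  fi
  echo "$count secret file(s) found in $dir"
}
```

A typical use would be to run check_secrets on the host path first and start the Container only if it succeeds, for example check_secrets ./speaker_id_secrets && docker run with the options shown above.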