Merge branch 'master' of https://github.com/kerberos-io/agent

add --fix-missing to fix random broken builds (armv6 image)
Merge pull request #121 from Chaitanya110703/patch-1
2026-03-09 20:52:07 +00:00 · 2023-11-06 17:07:50 +01:00 · 2023-11-06 17:07:35 +01:00 · 2023-11-06 16:54:28 +01:00 · 2023-11-06 14:37:54 +01:00 · 2023-11-03 13:18:00 +01:00
29 changed files with 837 additions and 175 deletions
--- a/2
+++ b/2
@@ -10,7 +10,7 @@ ENV GOSUMDB=off
 ##########################################
 # Installing some additional dependencies.

-RUN apt-get upgrade -y && apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get upgrade -y && apt-get update && apt-get install -y --fix-missing --no-install-recommends \
 	git build-essential cmake pkg-config unzip libgtk2.0-dev \
 	curl ca-certificates libcurl4-openssl-dev libssl-dev libjpeg62-turbo-dev && \
 	rm -rf /var/lib/apt/lists/*
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Kerberos Agent is an isolated and scalable video (surveillance) management agent
 ## :thinking: Prerequisites

 - An IP camera which supports a RTSP H264 encoded stream,
-  - (or) a USB camera, Raspberry Pi camera or other camera, that [you can tranform to a valid RTSP H264 stream](https://github.com/kerberos-io/camera-to-rtsp).
+  - (or) a USB camera, Raspberry Pi camera or other camera, that [you can transform to a valid RTSP H264 stream](https://github.com/kerberos-io/camera-to-rtsp).
 - Any hardware (ARMv6, ARMv7, ARM64, AMD) that can run a binary or container, for example: a Raspberry Pi, NVidia Jetson, Intel NUC, a VM, Bare metal machine or a full blown Kubernetes cluster.

 ## :video_camera: Is my camera working?
@@ -109,8 +109,10 @@ This repository contains everything you'll need to know about our core product,
 - Single camera per instance (e.g. one container per camera).
 - Primary and secondary stream setup (record full-res, stream low-res).
 - Low resolution streaming through MQTT and full resolution streaming through WebRTC.
+- End-to-end encryption through MQTT using RSA and AES.
 - Ability to specifiy conditions: offline mode, motion region, time table, continuous recording, etc.
 - Post- and pre-recording on motion detection.
+- Encryption at rest using AES-256-CBC.
 - Ability to create fragmented recordings, and streaming though HLS fMP4.
 - [Deploy where you want](#how-to-run-and-deploy-a-kerberos-agent) with the tools you use: `docker`, `docker compose`, `ansible`, `terraform`, `kubernetes`, etc.
 - Cloud storage/persistance: Kerberos Hub, Kerberos Vault and Dropbox. [(WIP: Minio, Storj, Google Drive, FTP etc.)](https://github.com/kerberos-io/agent/issues/95)
@@ -147,6 +149,20 @@ The default username and password for the Kerberos Agent is:

 **_Please note that you change the username and password for a final installation, see [Configure with environment variables](#configure-with-environment-variables) below._**

+## Encryption
+
+You can encrypt your recordings and outgoing MQTT messages with your own AES and RSA keys by enabling the encryption settings. Once enabled all your recordings will be encrypted using AES-256-CBC and your symmetric key. You can either use the default `openssl` toolchain to decrypt the recordings with your AES key, as following:
+
+    openssl aes-256-cbc -d -md md5 -in encrypted.mp4 -out decrypted.mp4 -k your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
+, and additionally you can decrypt a folder of recordings, using the Kerberos Agent binary as following:
+
+    go run main.go -action decrypt ./data/recordings your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
+or for a single file:
+
+    go run main.go -action decrypt ./data/recordings/video.mp4 your-key-96ab185xxxxxxxcxxxxxxxx6a59c62e8
+
 ## Configure and persist with volume mounts

 An example of how to mount a host directory is shown below using `docker`, but is applicable for [all the deployment models and tools described above](#running-and-automating-a-kerberos-agent).
@@ -227,7 +243,8 @@ Next to attaching the configuration file, it is also possible to override the co
 | `AGENT_KERBEROSVAULT_DIRECTORY`         | The directory, in the provider, where the recordings will be stored in.                         | ""                             |
 | `AGENT_DROPBOX_ACCESS_TOKEN`            | The Access Token from your Dropbox app, that is used to leverage the Dropbox SDK.               | ""                             |
 | `AGENT_DROPBOX_DIRECTORY`               | The directory, in the provider, where the recordings will be stored in.                         | ""                             |
-| `AGENT_ENCRYPTION`                      | Enable 'true' or disable 'false' end-to-end encryption through MQTT (recordings will follow).   | "false"                        |
+| `AGENT_ENCRYPTION`                      | Enable 'true' or disable 'false' end-to-end encryption for MQTT messages.                       | "false"                        |
+| `AGENT_ENCRYPTION_RECORDINGS`           | Enable 'true' or disable 'false' end-to-end encryption for recordings.                          | "false"                        |
 | `AGENT_ENCRYPTION_FINGERPRINT`          | The fingerprint of the keypair (public/private keys), so you know which one to use.             | ""                             |
 | `AGENT_ENCRYPTION_PRIVATE_KEY`          | The private key (assymetric/RSA) to decryptand sign requests send over MQTT.                    | ""                             |
 | `AGENT_ENCRYPTION_SYMMETRIC_KEY`        | The symmetric key (AES) to encrypt and decrypt request send over MQTT.                          | ""                             |
--- a/machinery/go.mod
+++ b/machinery/go.mod
@@ -2,7 +2,8 @@ module github.com/kerberos-io/agent/machinery

 go 1.19

-// replace github.com/kerberos-io/joy4 v1.0.57 => ../../../../github.com/kerberos-io/joy4
+//replace github.com/kerberos-io/joy4 v1.0.58 => ../../../../github.com/kerberos-io/joy4
+
 // replace github.com/kerberos-io/onvif v0.0.6 => ../../../../github.com/kerberos-io/onvif

 require (
@@ -20,11 +21,12 @@ require (
 	github.com/gin-contrib/pprof v1.4.0
 	github.com/gin-gonic/contrib v0.0.0-20221130124618-7e01895a63f2
 	github.com/gin-gonic/gin v1.8.2
+	github.com/gofrs/uuid v3.2.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.4.3
 	github.com/golang-module/carbon/v2 v2.2.3
 	github.com/gorilla/websocket v1.5.0
 	github.com/kellydunn/golang-geo v0.7.0
-	github.com/kerberos-io/joy4 v1.0.58
+	github.com/kerberos-io/joy4 v1.0.60
 	github.com/kerberos-io/onvif v0.0.7
 	github.com/minio/minio-go/v6 v6.0.57
 	github.com/nsmith5/mjpeg v0.0.0-20200913181537-54b8ada0e53e
@@ -72,7 +74,6 @@ require (
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/goccy/go-json v0.10.0 // indirect
-	github.com/gofrs/uuid v3.2.0+incompatible // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
--- a/machinery/go.sum
+++ b/machinery/go.sum
@@ -264,8 +264,8 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kellydunn/golang-geo v0.7.0 h1:A5j0/BvNgGwY6Yb6inXQxzYwlPHc6WVZR+MrarZYNNg=
 github.com/kellydunn/golang-geo v0.7.0/go.mod h1:YYlQPJ+DPEzrHx8kT3oPHC/NjyvCCXE+IuKGKdrjrcU=
-github.com/kerberos-io/joy4 v1.0.58 h1:R8EECSF+bG7o2yHC6cX/lF77Z+bDVGl6OioLZ3+5MN4=
-github.com/kerberos-io/joy4 v1.0.58/go.mod h1:nZp4AjvKvTOXRrmDyAIOw+Da+JA5OcSo/JundGfOlFU=
+github.com/kerberos-io/joy4 v1.0.60 h1:W9LMTHw+Lgz4J9/28xCvvVebhcAioup49NqxYVmrH38=
+github.com/kerberos-io/joy4 v1.0.60/go.mod h1:nZp4AjvKvTOXRrmDyAIOw+Da+JA5OcSo/JundGfOlFU=
 github.com/kerberos-io/onvif v0.0.7 h1:LIrXjTH7G2W9DN69xZeJSB0uS3W1+C3huFO8kTqx7/A=
 github.com/kerberos-io/onvif v0.0.7/go.mod h1:Hr2dJOH2LM5SpYKk17gYZ1CMjhGhUl+QlT5kwYogrW0=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
--- a/machinery/main.go
+++ b/machinery/main.go
@@ -78,6 +78,21 @@ func main() {
 	case "discover":
 		log.Log.Info(timeout)

+	case "decrypt":
+		log.Log.Info("Decrypting: " + flag.Arg(0) + " with key: " + flag.Arg(1))
+		symmetricKey := []byte(flag.Arg(1))
+
+		if symmetricKey == nil || len(symmetricKey) == 0 {
+			log.Log.Fatal("Main: symmetric key should not be empty")
+			return
+		}
+		if len(symmetricKey) != 32 {
+			log.Log.Fatal("Main: symmetric key should be 32 bytes")
+			return
+		}
+
+		utils.Decrypt(flag.Arg(0), symmetricKey)
+
 	case "run":
 		{
 			// Print Kerberos.io ASCII art
--- a/machinery/src/capture/main.go
+++ b/machinery/src/capture/main.go
@@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/gin-gonic/gin"
+	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	"github.com/kerberos-io/agent/machinery/src/utils"
@@ -405,6 +406,27 @@ func HandleRecordStream(queue *pubsub.Queue, configDirectory string, configurati
 					utils.CreateFragmentedMP4(fullName, config.Capture.FragmentedDuration)
 				}

+				// Check if we need to encrypt the recording.
+				if config.Encryption != nil && config.Encryption.Enabled == "true" && config.Encryption.Recordings == "true" && config.Encryption.SymmetricKey != "" {
+					// reopen file into memory 'fullName'
+					contents, err := os.ReadFile(fullName)
+					if err == nil {
+						// encrypt
+						encryptedContents, err := encryption.AesEncrypt(contents, config.Encryption.SymmetricKey)
+						if err == nil {
+							// write back to file
+							err := os.WriteFile(fullName, []byte(encryptedContents), 0644)
+							if err != nil {
+								log.Log.Error("HandleRecordStream: error writing file: " + err.Error())
+							}
+						} else {
+							log.Log.Error("HandleRecordStream: error encrypting file: " + err.Error())
+						}
+					} else {
+						log.Log.Error("HandleRecordStream: error reading file: " + err.Error())
+					}
+				}
+
 				// Create a symbol linc.
 				fc, _ := os.Create(configDirectory + "/data/cloud/" + name)
 				fc.Close()
--- a/machinery/src/cloud/Cloud.go
+++ b/machinery/src/cloud/Cloud.go
@@ -231,7 +231,7 @@ loop:
 			log.Log.Debug("HandleHeartBeat: stopping as Offline is enabled.")
 		} else {

-			url := config.HeartbeatURI
+			hubURI := config.HeartbeatURI
 			key := ""
 			username := ""
 			vaultURI := ""
@@ -247,98 +247,110 @@ loop:

 			// This is the new way ;)
 			if config.HubURI != "" {
-				url = config.HubURI + "/devices/heartbeat"
+				hubURI = config.HubURI + "/devices/heartbeat"
 			}
 			if config.HubKey != "" {
 				key = config.HubKey
 			}

-			if key != "" {
-				// Check if we have a friendly name or not.
-				name := config.Name
-				if config.FriendlyName != "" {
-					name = config.FriendlyName
-				}
+			// Check if we have a friendly name or not.
+			name := config.Name
+			if config.FriendlyName != "" {
+				name = config.FriendlyName
+			}

-				// Get some system information
-				// like the uptime, hostname, memory usage, etc.
-				system, _ := GetSystemInfo()
+			// Get some system information
+			// like the uptime, hostname, memory usage, etc.
+			system, _ := GetSystemInfo()

-				// We will formated the uptime to a human readable format
-				// this will be used on Kerberos Hub: Uptime -> 1 day and 2 hours.
-				uptimeFormatted := uptimeStart.Format("2006-01-02 15:04:05")
-				uptimeString := carbon.Parse(uptimeFormatted).DiffForHumans()
-				uptimeString = strings.ReplaceAll(uptimeString, "ago", "")
+			// Check if the agent is running inside a cluster (Kerberos Factory) or as
+			// an open source agent
+			isEnterprise := false
+			if os.Getenv("DEPLOYMENT") == "factory" || os.Getenv("MACHINERY_ENVIRONMENT") == "kubernetes" {
+				isEnterprise = true
+			}

-				// Do the same for boottime
-				bootTimeFormatted := time.Unix(int64(system.BootTime), 0).Format("2006-01-02 15:04:05")
-				boottimeString := carbon.Parse(bootTimeFormatted).DiffForHumans()
-				boottimeString = strings.ReplaceAll(boottimeString, "ago", "")
+			// Congert to string
+			macs, _ := json.Marshal(system.MACs)
+			ips, _ := json.Marshal(system.IPs)
+			cameraConnected := "true"
+			if !communication.CameraConnected {
+				cameraConnected = "false"
+			}

-				// We'll check which mode is enabled for the camera.
-				onvifEnabled := "false"
-				onvifZoom := "false"
-				onvifPanTilt := "false"
-				onvifPresets := "false"
-				var onvifPresetsList []byte
-				if config.Capture.IPCamera.ONVIFXAddr != "" {
-					cameraConfiguration := configuration.Config.Capture.IPCamera
-					device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+			// We will formated the uptime to a human readable format
+			// this will be used on Kerberos Hub: Uptime -> 1 day and 2 hours.
+			uptimeFormatted := uptimeStart.Format("2006-01-02 15:04:05")
+			uptimeString := carbon.Parse(uptimeFormatted).DiffForHumans()
+			uptimeString = strings.ReplaceAll(uptimeString, "ago", "")
+
+			// Do the same for boottime
+			bootTimeFormatted := time.Unix(int64(system.BootTime), 0).Format("2006-01-02 15:04:05")
+			boottimeString := carbon.Parse(bootTimeFormatted).DiffForHumans()
+			boottimeString = strings.ReplaceAll(boottimeString, "ago", "")
+
+			// We'll check which mode is enabled for the camera.
+			onvifEnabled := "false"
+			onvifZoom := "false"
+			onvifPanTilt := "false"
+			onvifPresets := "false"
+			var onvifPresetsList []byte
+			if config.Capture.IPCamera.ONVIFXAddr != "" {
+				cameraConfiguration := configuration.Config.Capture.IPCamera
+				device, err := onvif.ConnectToOnvifDevice(&cameraConfiguration)
+				if err == nil {
+					configurations, err := onvif.GetPTZConfigurationsFromDevice(device)
 					if err == nil {
-						configurations, err := onvif.GetPTZConfigurationsFromDevice(device)
-						if err == nil {
-							onvifEnabled = "true"
-							_, canZoom, canPanTilt := onvif.GetPTZFunctionsFromDevice(configurations)
-							if canZoom {
-								onvifZoom = "true"
-							}
-							if canPanTilt {
-								onvifPanTilt = "true"
-							}
-							// Try to read out presets
-							presets, err := onvif.GetPresetsFromDevice(device)
-							if err == nil && len(presets) > 0 {
-								onvifPresets = "true"
-								onvifPresetsList, err = json.Marshal(presets)
-								if err != nil {
-									log.Log.Error("HandleHeartBeat: error while marshalling presets: " + err.Error())
-									onvifPresetsList = []byte("[]")
-								}
-							} else {
-								if err != nil {
-									log.Log.Error("HandleHeartBeat: error while getting presets: " + err.Error())
-								} else {
-									log.Log.Debug("HandleHeartBeat: no presets found.")
-								}
+						onvifEnabled = "true"
+						_, canZoom, canPanTilt := onvif.GetPTZFunctionsFromDevice(configurations)
+						if canZoom {
+							onvifZoom = "true"
+						}
+						if canPanTilt {
+							onvifPanTilt = "true"
+						}
+						// Try to read out presets
+						presets, err := onvif.GetPresetsFromDevice(device)
+						if err == nil && len(presets) > 0 {
+							onvifPresets = "true"
+							onvifPresetsList, err = json.Marshal(presets)
+							if err != nil {
+								log.Log.Error("HandleHeartBeat: error while marshalling presets: " + err.Error())
 								onvifPresetsList = []byte("[]")
 							}
 						} else {
-							log.Log.Error("HandleHeartBeat: error while getting PTZ configurations: " + err.Error())
+							if err != nil {
+								log.Log.Error("HandleHeartBeat: error while getting presets: " + err.Error())
+							} else {
+								log.Log.Debug("HandleHeartBeat: no presets found.")
+							}
 							onvifPresetsList = []byte("[]")
 						}
 					} else {
-						log.Log.Error("HandleHeartBeat: error while connecting to ONVIF device: " + err.Error())
+						log.Log.Error("HandleHeartBeat: error while getting PTZ configurations: " + err.Error())
 						onvifPresetsList = []byte("[]")
 					}
 				} else {
-					log.Log.Debug("HandleHeartBeat: ONVIF is not enabled.")
+					log.Log.Error("HandleHeartBeat: error while connecting to ONVIF device: " + err.Error())
 					onvifPresetsList = []byte("[]")
 				}
+			} else {
+				log.Log.Debug("HandleHeartBeat: ONVIF is not enabled.")
+				onvifPresetsList = []byte("[]")
+			}

-				// Check if the agent is running inside a cluster (Kerberos Factory) or as
-				// an open source agent
-				isEnterprise := false
-				if os.Getenv("DEPLOYMENT") == "factory" || os.Getenv("MACHINERY_ENVIRONMENT") == "kubernetes" {
-					isEnterprise = true
+			var client *http.Client
+			if os.Getenv("AGENT_TLS_INSECURE") == "true" {
+				tr := &http.Transport{
+					TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 				}
+				client = &http.Client{Transport: tr}
+			} else {
+				client = &http.Client{}
+			}

-				// Congert to string
-				macs, _ := json.Marshal(system.MACs)
-				ips, _ := json.Marshal(system.IPs)
-				cameraConnected := "true"
-				if communication.CameraConnected == false {
-					cameraConnected = "false"
-				}
+			// We need a hub URI and hub public key before we will send a heartbeat
+			if hubURI != "" && key != "" {

 				var object = fmt.Sprintf(`{
 						"key" : "%s",
@@ -380,19 +392,8 @@ loop:

 				var jsonStr = []byte(object)
 				buffy := bytes.NewBuffer(jsonStr)
-				req, _ := http.NewRequest("POST", url, buffy)
+				req, _ := http.NewRequest("POST", hubURI, buffy)
 				req.Header.Set("Content-Type", "application/json")
-
-				var client *http.Client
-				if os.Getenv("AGENT_TLS_INSECURE") == "true" {
-					tr := &http.Transport{
-						TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-					}
-					client = &http.Client{Transport: tr}
-				} else {
-					client = &http.Client{}
-				}
-
 				resp, err := client.Do(req)
 				if resp != nil {
 					resp.Body.Close()
@@ -406,27 +407,68 @@ loop:
 					}
 					log.Log.Error("HandleHeartBeat: (400) Something went wrong while sending to Kerberos Hub.")
 				}
-
-				// If we have a Kerberos Vault connected, we will also send some analytics
-				// to that service.
-				vaultURI = config.KStorage.URI
-				if vaultURI != "" {
-					buffy = bytes.NewBuffer(jsonStr)
-					req, _ = http.NewRequest("POST", vaultURI+"/devices/heartbeat", buffy)
-					req.Header.Set("Content-Type", "application/json")
-					resp, err = client.Do(req)
-					if resp != nil {
-						resp.Body.Close()
-					}
-					if err == nil && resp.StatusCode == 200 {
-						log.Log.Info("HandleHeartBeat: (200) Heartbeat received by Kerberos Vault.")
-					} else {
-						log.Log.Error("HandleHeartBeat: (400) Something went wrong while sending to Kerberos Vault.")
-					}
-				}
 			} else {
 				log.Log.Error("HandleHeartBeat: Disabled as we do not have a public key defined.")
 			}
+
+			// If we have a Kerberos Vault connected, we will also send some analytics
+			// to that service.
+			vaultURI = config.KStorage.URI
+			if vaultURI != "" {
+
+				var object = fmt.Sprintf(`{
+					"key" : "%s",
+					"version" : "3.0.0",
+					"release" : "%s",
+					"cpuid" : "%s",
+					"clouduser" : "%s",
+					"cloudpublickey" : "%s",
+					"cameraname" : "%s",
+					"enterprise" : %t,
+					"hostname" : "%s",
+					"architecture" : "%s",
+					"totalMemory" : "%d",
+					"usedMemory" : "%d",
+					"freeMemory" : "%d",
+					"processMemory" : "%d",
+					"mac_list" : %s,
+					"ip_list" : %s,
+					"board" : "",
+					"disk1size" : "%s",
+					"disk3size" : "%s",
+					"diskvdasize" :  "%s",
+					"uptime" : "%s",
+					"boot_time" : "%s",
+					"siteID" : "%s",
+					"onvif" : "%s",
+					"onvif_zoom" : "%s",
+					"onvif_pantilt" : "%s",
+					"onvif_presets": "%s",
+					"onvif_presets_list": %s,
+					"cameraConnected": "%s",
+					"numberoffiles" : "33",
+					"timestamp" : 1564747908,
+					"cameratype" : "IPCamera",
+					"docker" : true,
+					"kios" : false,
+					"raspberrypi" : false
+				}`, config.Key, system.Version, system.CPUId, username, key, name, isEnterprise, system.Hostname, system.Architecture, system.TotalMemory, system.UsedMemory, system.FreeMemory, system.ProcessUsedMemory, macs, ips, "0", "0", "0", uptimeString, boottimeString, config.HubSite, onvifEnabled, onvifZoom, onvifPanTilt, onvifPresets, onvifPresetsList, cameraConnected)
+
+				var jsonStr = []byte(object)
+				buffy := bytes.NewBuffer(jsonStr)
+				req, _ := http.NewRequest("POST", vaultURI+"/devices/heartbeat", buffy)
+				req.Header.Set("Content-Type", "application/json")
+
+				resp, err := client.Do(req)
+				if resp != nil {
+					resp.Body.Close()
+				}
+				if err == nil && resp.StatusCode == 200 {
+					log.Log.Info("HandleHeartBeat: (200) Heartbeat received by Kerberos Vault.")
+				} else {
+					log.Log.Error("HandleHeartBeat: (400) Something went wrong while sending to Kerberos Vault.")
+				}
+			}
 		}

 		// This will check if we need to stop the thread,
@@ -554,10 +596,12 @@ func HandleLiveStreamHD(livestreamCursor *pubsub.QueueCursor, configuration *mod
 				for handshake := range communication.HandleLiveHDHandshake {
 					log.Log.Info("HandleLiveStreamHD: setting up a peer connection.")
 					key := config.Key + "/" + handshake.SessionID
+					webrtc.CandidatesMutex.Lock()
 					_, ok := webrtc.CandidateArrays[key]
 					if !ok {
 						webrtc.CandidateArrays[key] = make(chan string)
 					}
+					webrtc.CandidatesMutex.Unlock()
 					webrtc.InitializeWebRTCConnection(configuration, communication, mqttClient, videoTrack, audioTrack, handshake, webrtc.CandidateArrays[key])

 				}
@@ -778,7 +822,7 @@ func VerifyPersistence(c *gin.Context, configDirectory string) {
 								"_6-967003_" + config.Name + "_200-200-400-400_24_769.mp4"

 							// Open test-480p.mp4
-							file, err := os.Open(configDirectory + "/test-480p.mp4")
+							file, err := os.Open(configDirectory + "/data/test-480p.mp4")
 							if err != nil {
 								msg := "VerifyPersistence: error reading test-480p.mp4: " + err.Error()
 								log.Log.Error(msg)
--- a/machinery/src/config/main.go
+++ b/machinery/src/config/main.go
@@ -162,6 +162,12 @@ func OpenConfig(configDirectory string, configuration *models.Configuration) {
 		conjungo.Merge(&s3, configuration.CustomConfig.S3, opts)
 		configuration.Config.S3 = &s3

+		// Merge Encryption settings
+		var encryption models.Encryption
+		conjungo.Merge(&encryption, configuration.GlobalConfig.Encryption, opts)
+		conjungo.Merge(&encryption, configuration.CustomConfig.Encryption, opts)
+		configuration.Config.Encryption = &encryption
+
 		// Merge timetable manually because it's an array
 		configuration.Config.Timetable = configuration.CustomConfig.Timetable

@@ -464,11 +470,10 @@ func OverrideWithEnvironmentVariables(configuration *models.Configuration) {

 			/* When encryption is enabled */
 			case "AGENT_ENCRYPTION":
-				if value == "true" {
-					configuration.Config.Encryption.Enabled = true
-				} else {
-					configuration.Config.Encryption.Enabled = false
-				}
+				configuration.Config.Encryption.Enabled = value
+				break
+			case "AGENT_ENCRYPTION_RECORDINGS":
+				configuration.Config.Encryption.Recordings = value
 				break
 			case "AGENT_ENCRYPTION_FINGERPRINT":
 				configuration.Config.Encryption.Fingerprint = value
@@ -510,6 +515,15 @@ func SaveConfig(configDirectory string, config models.Config, configuration *mod
 }

 func StoreConfig(configDirectory string, config models.Config) error {
+
+	// Encryption key can be set wrong.
+	if config.Encryption != nil {
+		encryptionPrivateKey := config.Encryption.PrivateKey
+		// Replace \\n by \n
+		encryptionPrivateKey = strings.ReplaceAll(encryptionPrivateKey, "\\n", "\n")
+		config.Encryption.PrivateKey = encryptionPrivateKey
+	}
+
 	// Save into database
 	if os.Getenv("DEPLOYMENT") == "factory" || os.Getenv("MACHINERY_ENVIRONMENT") == "kubernetes" {
 		// Write to mongodb
--- a/machinery/src/encryption/main.go
+++ b/machinery/src/encryption/main.go
@@ -38,58 +38,58 @@ func SignWithPrivateKey(data []byte, privateKey *rsa.PrivateKey) ([]byte, error)
 	return signature, err
 }

-func AesEncrypt(content string, password string) (string, error) {
+func AesEncrypt(content []byte, password string) ([]byte, error) {
 	salt := make([]byte, 8)
 	_, err := rand.Read(salt)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	key, iv, err := DefaultEvpKDF([]byte(password), salt)

 	block, err := aes.NewCipher(key)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	mode := cipher.NewCBCEncrypter(block, iv)
-	cipherBytes := PKCS5Padding([]byte(content), aes.BlockSize)
+	cipherBytes := PKCS5Padding(content, aes.BlockSize)
 	mode.CryptBlocks(cipherBytes, cipherBytes)

-	data := make([]byte, 16+len(cipherBytes))
-	copy(data[:8], []byte("Salted__"))
-	copy(data[8:16], salt)
-	copy(data[16:], cipherBytes)
+	cipherText := make([]byte, 16+len(cipherBytes))
+	copy(cipherText[:8], []byte("Salted__"))
+	copy(cipherText[8:16], salt)
+	copy(cipherText[16:], cipherBytes)

-	cipherText := base64.StdEncoding.EncodeToString(data)
+	//cipherText := base64.StdEncoding.EncodeToString(data)
 	return cipherText, nil
 }

-func AesDecrypt(cipherText string, password string) (string, error) {
-	data, err := base64.StdEncoding.DecodeString(cipherText)
-	if err != nil {
-		return "", err
-	}
-	if string(data[:8]) != "Salted__" {
-		return "", errors.New("invalid crypto js aes encryption")
+func AesDecrypt(cipherText []byte, password string) ([]byte, error) {
+	//data, err := base64.StdEncoding.DecodeString(cipherText)
+	//if err != nil {
+	//	return nil, err
+	//}
+	if string(cipherText[:8]) != "Salted__" {
+		return nil, errors.New("invalid crypto js aes encryption")
 	}

-	salt := data[8:16]
-	cipherBytes := data[16:]
+	salt := cipherText[8:16]
+	cipherBytes := cipherText[16:]
 	key, iv, err := DefaultEvpKDF([]byte(password), salt)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	block, err := aes.NewCipher(key)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	mode := cipher.NewCBCDecrypter(block, iv)
 	mode.CryptBlocks(cipherBytes, cipherBytes)

 	result := PKCS5UnPadding(cipherBytes)
-	return string(result), nil
+	return result, nil
 }

 // https://stackoverflow.com/questions/27677236/encryption-in-javascript-and-decryption-with-php/27678978#27678978
--- a/machinery/src/models/Config.go
+++ b/machinery/src/models/Config.go
@@ -42,7 +42,7 @@ type Config struct {
 	HubPrivateKey     string       `json:"hub_private_key" bson:"hub_private_key"`
 	HubSite           string       `json:"hub_site" bson:"hub_site"`
 	ConditionURI      string       `json:"condition_uri" bson:"condition_uri"`
-	Encryption        *Encryption  `json:"encryption" bson:"encryption"`
+	Encryption        *Encryption  `json:"encryption,omitempty" bson:"encryption,omitempty"`
 }

 // Capture defines which camera type (Id) you are using (IP, USB or Raspberry Pi camera),
@@ -161,7 +161,8 @@ type Dropbox struct {

 // Encryption
 type Encryption struct {
-	Enabled      bool   `json:"enabled" bson:"enabled"`
+	Enabled      string `json:"enabled" bson:"enabled"`
+	Recordings   string `json:"recordings" bson:"recordings"`
 	Fingerprint  string `json:"fingerprint" bson:"fingerprint"`
 	PrivateKey   string `json:"private_key" bson:"private_key"`
 	SymmetricKey string `json:"symmetric_key" bson:"symmetric_key"`
--- a/machinery/src/models/MQTT.go
+++ b/machinery/src/models/MQTT.go
@@ -30,7 +30,7 @@ func PackageMQTTMessage(configuration *Configuration, msg Message) ([]byte, erro
 	// At the moment we don't do the encryption part, but we'll implement it
 	// once the legacy methods (subscriptions are moved).
 	msg.Encrypted = false
-	if configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled {
+	if configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled == "true" {
 		msg.Encrypted = true
 	}
 	msg.PublicKey = ""
@@ -65,15 +65,19 @@ func PackageMQTTMessage(configuration *Configuration, msg Message) ([]byte, erro

 			// Create a 16bit key random
 			k := configuration.Config.Encryption.SymmetricKey
-			encryptedValue, err := encryption.AesEncrypt(string(data), k)
+			encryptedValue, err := encryption.AesEncrypt(data, k)
+			if err == nil {

-			// Sign the encrypted value
-			signature, err := encryption.SignWithPrivateKey([]byte(encryptedValue), rsaKey)
-			base64Signature := base64.StdEncoding.EncodeToString(signature)
-
-			msg.Payload.EncryptedValue = encryptedValue
-			msg.Payload.Signature = base64Signature
-			msg.Payload.Value = make(map[string]interface{})
+				data := base64.StdEncoding.EncodeToString(encryptedValue)
+				// Sign the encrypted value
+				signature, err := encryption.SignWithPrivateKey([]byte(data), rsaKey)
+				if err == nil {
+					base64Signature := base64.StdEncoding.EncodeToString(signature)
+					msg.Payload.EncryptedValue = data
+					msg.Payload.Signature = base64Signature
+					msg.Payload.Value = make(map[string]interface{})
+				}
+			}
 		}
 	}

--- a/machinery/src/routers/http/Server.go
+++ b/machinery/src/routers/http/Server.go
@@ -1,7 +1,9 @@
 package http

 import (
+	"io"
 	"os"
+	"strconv"

 	jwt "github.com/appleboy/gin-jwt/v2"
 	"github.com/gin-contrib/pprof"
@@ -12,6 +14,7 @@ import (
 	"log"

 	_ "github.com/kerberos-io/agent/machinery/docs"
+	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/models"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
@@ -77,7 +80,7 @@ func StartServer(configDirectory string, configuration *models.Configuration, co
 	r.Use(static.Serve("/settings", static.LocalFile(configDirectory+"/www", true)))
 	r.Use(static.Serve("/login", static.LocalFile(configDirectory+"/www", true)))
 	r.Handle("GET", "/file/*filepath", func(c *gin.Context) {
-		Files(c, configDirectory)
+		Files(c, configDirectory, configuration)
 	})

 	// Run the api on port
@@ -87,8 +90,50 @@ func StartServer(configDirectory string, configuration *models.Configuration, co
 	}
 }

-func Files(c *gin.Context, configDirectory string) {
-	c.Header("Access-Control-Allow-Origin", "*")
-	c.Header("Content-Type", "video/mp4")
-	c.File(configDirectory + "/data/recordings" + c.Param("filepath"))
+func Files(c *gin.Context, configDirectory string, configuration *models.Configuration) {
+
+	// Get File
+	filePath := configDirectory + "/data/recordings" + c.Param("filepath")
+	_, err := os.Open(filePath)
+	if err != nil {
+		c.JSON(404, gin.H{"error": "File not found"})
+		return
+	}
+
+	contents, err := os.ReadFile(filePath)
+	if err == nil {
+
+		// Get symmetric key
+		symmetricKey := configuration.Config.Encryption.SymmetricKey
+		// Decrypt file
+		if symmetricKey != "" {
+
+			// Read file
+			if err != nil {
+				c.JSON(404, gin.H{"error": "File not found"})
+				return
+			}
+
+			// Decrypt file
+			contents, err = encryption.AesDecrypt(contents, symmetricKey)
+			if err != nil {
+				c.JSON(404, gin.H{"error": "File not found"})
+				return
+			}
+		}
+
+		// Get fileSize from contents
+		fileSize := len(contents)
+
+		// Send file to gin
+		c.Header("Access-Control-Allow-Origin", "*")
+		c.Header("Content-Disposition", "attachment; filename="+filePath)
+		c.Header("Content-Type", "video/mp4")
+		c.Header("Content-Length", strconv.Itoa(fileSize))
+		// Send contents to gin
+		io.WriteString(c.Writer, string(contents))
+	} else {
+		c.JSON(404, gin.H{"error": "File not found"})
+		return
+	}
 }
--- a/machinery/src/routers/mqtt/main.go
+++ b/machinery/src/routers/mqtt/main.go
@@ -3,6 +3,7 @@ package mqtt
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
@@ -168,7 +169,7 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 				// Messages might be encrypted, if so we'll
 				// need to decrypt them.
 				var payload models.Payload
-				if message.Encrypted && configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled {
+				if message.Encrypted && configuration.Config.Encryption != nil && configuration.Config.Encryption.Enabled == "true" {
 					encryptedValue := message.Payload.EncryptedValue
 					if len(encryptedValue) > 0 {
 						symmetricKey := configuration.Config.Encryption.SymmetricKey
@@ -198,12 +199,16 @@ func MQTTListenerHandler(mqttClient mqtt.Client, hubKey string, configDirectory
 								if decryptedKey != nil {
 									if string(decryptedKey) == symmetricKey {
 										// Decrypt value with decryptedKey
-										decryptedValue, err := encryption.AesDecrypt(encryptedValue, string(decryptedKey))
+										data, err := base64.StdEncoding.DecodeString(encryptedValue)
+										if err != nil {
+											return
+										}
+										decryptedValue, err := encryption.AesDecrypt(data, string(decryptedKey))
 										if err != nil {
 											log.Log.Error("MQTTListenerHandler: error decrypting message: " + err.Error())
 											return
 										}
-										json.Unmarshal([]byte(decryptedValue), &payload)
+										json.Unmarshal(decryptedValue, &payload)
 									} else {
 										log.Log.Error("MQTTListenerHandler: error decrypting message, assymetric keys do not match.")
 										return
@@ -333,10 +338,16 @@ func HandleRequestConfig(mqttClient mqtt.Client, hubKey string, payload models.P

 		if key != "" && name != "" {

+			// Copy the config, as we don't want to share the encryption part.
+			deepCopy := configuration.Config
+
 			var configMap map[string]interface{}
-			inrec, _ := json.Marshal(configuration.Config)
+			inrec, _ := json.Marshal(deepCopy)
 			json.Unmarshal(inrec, &configMap)

+			// Unset encryption part.
+			delete(configMap, "encryption")
+
 			message := models.Message{
 				Payload: models.Payload{
 					Action:   "receive-config",
@@ -370,6 +381,10 @@ func HandleUpdateConfig(mqttClient mqtt.Client, hubKey string, payload models.Pa
 	if configPayload.Timestamp != 0 {

 		config := configPayload.Config
+
+		// Make sure to remove Encryption part, as we don't want to save it.
+		config.Encryption = configuration.Config.Encryption
+
 		err := configService.SaveConfig(configDirectory, config, configuration, communication)
 		if err == nil {
 			log.Log.Info("HandleUpdateConfig: Config updated")
@@ -442,7 +457,12 @@ func HandleReceiveHDCandidates(mqttClient mqtt.Client, hubKey string, payload mo

 	if receiveHDCandidatesPayload.Timestamp != 0 {
 		if communication.CameraConnected {
-			channel := webrtc.CandidateArrays[receiveHDCandidatesPayload.SessionID]
+			key := configuration.Config.Key + "/" + receiveHDCandidatesPayload.SessionID
+			channel := webrtc.CandidateArrays[key]
+			if channel == nil {
+				channel = make(chan string)
+				webrtc.CandidateArrays[key] = channel
+			}
 			log.Log.Info("HandleReceiveHDCandidates: " + receiveHDCandidatesPayload.Candidate)
 			channel <- receiveHDCandidatesPayload.Candidate
 		} else {
--- a/machinery/src/utils/main.go
+++ b/machinery/src/utils/main.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"time"

+	"github.com/kerberos-io/agent/machinery/src/encryption"
 	"github.com/kerberos-io/agent/machinery/src/log"
 	"github.com/kerberos-io/agent/machinery/src/models"
 )
@@ -330,3 +331,67 @@ func PrintConfiguration(configuration *models.Configuration) {
 	}
 	log.Log.Info("Printing our configuration (config.json): " + configurationVariables)
 }
+
+func Decrypt(directoryOrFile string, symmetricKey []byte) {
+	// Check if file or directory
+	fileInfo, err := os.Stat(directoryOrFile)
+	if err != nil {
+		log.Log.Fatal(err.Error())
+		return
+	}
+
+	var files []string
+	if fileInfo.IsDir() {
+		// Create decrypted directory
+		err = os.MkdirAll(directoryOrFile+"/decrypted", 0755)
+		if err != nil {
+			log.Log.Fatal(err.Error())
+			return
+		}
+		dir, err := os.ReadDir(directoryOrFile)
+		if err != nil {
+			log.Log.Fatal(err.Error())
+			return
+		}
+		for _, file := range dir {
+			// Check if file is not a directory
+			if !file.IsDir() {
+				// Check if an mp4 file
+				if strings.HasSuffix(file.Name(), ".mp4") {
+					files = append(files, directoryOrFile+"/"+file.Name())
+				}
+			}
+		}
+	} else {
+		files = append(files, directoryOrFile)
+	}
+
+	// We'll loop over all files and decrypt them one by one.
+	for _, file := range files {
+
+		// Read file
+		content, err := os.ReadFile(file)
+		if err != nil {
+			log.Log.Fatal(err.Error())
+			return
+		}
+		// Decrypt using AES key
+		decrypted, err := encryption.AesDecrypt(content, string(symmetricKey))
+		if err != nil {
+			log.Log.Fatal("Something went wrong while decrypting: " + err.Error())
+			return
+		}
+
+		// Write decrypted content to file with appended .decrypted
+		// Get filename split by / and get last element.
+		fileParts := strings.Split(file, "/")
+		fileName := fileParts[len(fileParts)-1]
+		pathToFile := strings.Join(fileParts[:len(fileParts)-1], "/")
+
+		err = os.WriteFile(pathToFile+"/decrypted/"+fileName, []byte(decrypted), 0644)
+		if err != nil {
+			log.Log.Fatal(err.Error())
+			return
+		}
+	}
+}
--- a/machinery/src/webrtc/main.go
+++ b/machinery/src/webrtc/main.go
@@ -125,6 +125,7 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 						Credential: w.TurnServersCredential,
 					},
 				},
+				//ICETransportPolicy: pionWebRTC.ICETransportPolicyRelay,
 			},
 		)

@@ -179,6 +180,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				panic(err)
 			}

+			// When an ICE candidate is available send to the other Pion instance
+			// the other Pion instance will add this candidate by calling AddICECandidate
+			var candidatesMux sync.Mutex
 			// When an ICE candidate is available send to the other peer using the signaling server (MQTT).
 			// The other peer will add this candidate by calling AddICECandidate
 			peerConnection.OnICECandidate(func(candidate *pionWebRTC.ICECandidate) {
@@ -186,6 +190,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 					return
 				}

+				candidatesMux.Lock()
+				defer candidatesMux.Unlock()
+
 				//  Create a config map
 				valueMap := make(map[string]interface{})
 				candateJSON := candidate.ToJSON()
@@ -208,7 +215,9 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				}
 				payload, err := models.PackageMQTTMessage(configuration, message)
 				if err == nil {
-					mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+					log.Log.Info("InitializeWebRTCConnection:" + string(candateBinary))
+					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
+					token.Wait()
 				} else {
 					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
 				}
@@ -233,7 +242,8 @@ func InitializeWebRTCConnection(configuration *models.Configuration, communicati
 				}
 				payload, err := models.PackageMQTTMessage(configuration, message)
 				if err == nil {
-					mqttClient.Publish("kerberos/hub/"+hubKey, 0, false, payload)
+					token := mqttClient.Publish("kerberos/hub/"+hubKey, 2, false, payload)
+					token.Wait()
 				} else {
 					log.Log.Info("HandleRequestConfig: something went wrong while sending acknowledge config to hub: " + string(payload))
 				}
--- a/ui/.eslintrc.json
+++ b/ui/.eslintrc.json
@@ -25,6 +25,7 @@
    "jsx-a11y/media-has-caption": "off",
    "jsx-a11y/anchor-is-valid": "off",
    "jsx-a11y/click-events-have-key-events": "off",
+    "jsx-a11y/control-has-associated-label": "off",
    "jsx-a11y/no-noninteractive-element-interactions": "off",
    "jsx-a11y/no-static-element-interactions": "off",
    "jsx-a11y/label-has-associated-control": [
--- a/ui/public/locales/de/translation.json
+++ b/ui/public/locales/de/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Erweiterte Konfiguration",
      "description_advanced_configuration": "Erweiterte Einstellungen um Funktionen des Kerberos Agent zu aktivieren oder deaktivieren",
      "offline_mode": "Offline Modus",
-      "description_offline_mode": "Ausgehende Verbindungen deaktivieren"
+      "description_offline_mode": "Ausgehende Verbindungen deaktivieren",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Kamera",
--- a/ui/public/locales/en/translation.json
+++ b/ui/public/locales/en/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Advanced configuration",
      "description_advanced_configuration": "Detailed configuration options to enable or disable specific parts of the Kerberos Agent",
      "offline_mode": "Offline mode",
-      "description_offline_mode": "Disable all outgoing traffic"
+      "description_offline_mode": "Disable all outgoing traffic",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Camera",
--- a/ui/public/locales/es/translation.json
+++ b/ui/public/locales/es/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Advanced configuration",
      "description_advanced_configuration": "Detailed configuration options to enable or disable specific parts of the Kerberos Agent",
      "offline_mode": "Offline mode",
-      "description_offline_mode": "Disable all outgoing traffic"
+      "description_offline_mode": "Disable all outgoing traffic",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Camera",
--- a/ui/public/locales/fr/translation.json
+++ b/ui/public/locales/fr/translation.json
@@ -84,7 +84,16 @@
      "advanced_configuration": "Configuration avancée",
      "description_advanced_configuration": "Les options de configuration détaillées pour activer ou désactiver des composants spécifiques de l'Agent Kerberos",
      "offline_mode": "Mode hors-ligne",
-      "description_offline_mode": "Désactiver tout le trafic sortant"
+      "description_offline_mode": "Désactiver tout le trafic sortant",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Caméra",
--- a/ui/public/locales/hi/translation.json
+++ b/ui/public/locales/hi/translation.json
@@ -0,0 +1,224 @@
+{
+  "breadcrumb": {
+    "watch_recordings": "रिकॉर्डिंग देखें",
+    "configure": "कॉन्फ़िगर"
+  },
+  "buttons": {
+    "save": "सेव्ह",
+    "verify_connection": "कनेक्शन चेक करें"
+  },
+  "navigation": {
+    "profile": "प्रोफ़ाइल",
+    "admin": "व्यवस्थापक",
+    "management": "प्रबंध",
+    "dashboard": "डैशबोर्ड",
+    "recordings": "रिकॉर्डिंग",
+    "settings": "सेटिंग",
+    "help_support": "मदद",
+    "swagger": "स्वैगर एपीआई",
+    "documentation": "प्रलेखन",
+    "ui_library": "यूआई लाइब्रेरी",
+    "layout": "भाषा और लेआऊट",
+    "choose_language": "भाषा चुनें"
+  },
+  "dashboard": {
+    "title": "डैशबोर्ड",
+    "heading": "आपके वीडियो निगरानी का अवलोकन",
+    "number_of_days": "दिनों की संख्या",
+    "total_recordings": "कुल रिकॉर्डिंग",
+    "connected": "जुड़े है",
+    "not_connected": "जुड़े नहीं हैं",
+    "offline_mode": "ऑफ़लाइन मोड",
+    "latest_events": "नवीनतम घटनाए",
+    "configure_connection": "कनेक्शन कॉन्फ़िगर करें",
+    "no_events": "कोई घटनाए नहीं",
+    "no_events_description": "कोई रिकॉर्डिंग नहीं मिली, सुनिश्चित करें कि आपका Kerberos एजेंट ठीक से कॉन्फ़िगर किया गया है।",
+    "motion_detected": "मोशन का पता चला",
+    "live_view": "लाइव देखें",
+    "loading_live_view": "लाइव दृश्य लोड हो रहा है",
+    "loading_live_view_description": "रुकिए हम आपका लाइव व्यू यहां लोड कर रहे हैं। ",
+    "time": "समय",
+    "description": "विवरण",
+    "name": "नाम"
+  },
+  "recordings": {
+    "title": "रिकॉर्डिंग",
+    "heading": "आपकी सभी रिकॉर्डिंग एक ही स्थान पर",
+    "search_media": "मीडिया खोजें"
+  },
+  "settings": {
+    "title": "सेटिंग",
+    "heading": "अपना कैमरा ऑनबोर्ड करें",
+    "submenu": {
+      "all": "सभी",
+      "overview": "अवलोकन",
+      "camera": "कैमरा",
+      "recording": "रिकॉर्डिंग",
+      "streaming": "स्ट्रीमिंग",
+      "conditions": "कंडीशन",
+      "persistence": "परसीस्टेन्स"
+    },
+    "info": {
+      "kerberos_hub_demo": "Kerberos हब को क्रियाशील देखने के लिए हमारे Kerberos हब डेमो पर एक नज़र डालें!",
+      "configuration_updated_success": "आपका कॉन्फ़िगरेशन सफलतापूर्वक अपडेट कर दिया गया है.",
+      "configuration_updated_error": "सहेजते समय कुछ ग़लत हो गया.",
+      "verify_hub": "अपनी Kerberos हब सेटिंग सत्यापित की जा रही है।",
+      "verify_hub_success": "कर्बेरोस हब सेटिंग्स सफलतापूर्वक सत्यापित हो गईं।",
+      "verify_hub_error": "कर्बरोस हब का सत्यापन करते समय कुछ गलत हो गया",
+      "verify_persistence": "आपकी दृढ़ता सेटिंग सत्यापित की जा रही है.",
+      "verify_persistence_success": "दृढ़ता सेटिंग्स सफलतापूर्वक सत्यापित की गई हैं।",
+      "verify_persistence_error": "दृढ़ता की पुष्टि करते समय कुछ गलत हो गया",
+      "verify_camera": "अपनी कैमरा सेटिंग सत्यापित कर रहा है।",
+      "verify_camera_success": "कैमरा सेटिंग्स सफलतापूर्वक सत्यापित हो गईं।",
+      "verify_camera_error": "कैमरा सेटिंग्स सत्यापित करते समय कुछ गलत हो गया",
+      "verify_onvif": "अपनी ONVIF सेटिंग्स सत्यापित कर रहा हूँ।",
+      "verify_onvif_success": "ONVIF सेटिंग्स सफलतापूर्वक सत्यापित हो गईं।",
+      "verify_onvif_error": "ONVIF सेटिंग्स सत्यापित करते समय कुछ गलत हो गया"
+    },
+    "overview": {
+      "general": "सामान्य",
+      "description_general": "आपके Kerberos एजेंट के लिए सामान्य सेटिंग्स",
+      "key": "की",
+      "camera_name": "कैमरे का नाम",
+      "timezone": "समय क्षेत्र",
+      "select_timezone": "समयक्षेत्र चुनें",
+      "advanced_configuration": "एडवांस कॉन्फ़िगरेशन",
+      "description_advanced_configuration": "Kerberos एजेंट के विशिष्ट भागों को सक्षम या अक्षम करने के लिए विस्तृत कॉन्फ़िगरेशन विकल्प",
+      "offline_mode": "ऑफ़लाइन मोड",
+      "description_offline_mode": "सभी आउटगोइंग ट्रैफ़िक अक्षम करें",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
+    },
+    "camera": {
+      "camera": "कैमरा",
+      "description_camera": "आपकी पसंद के कैमरे से कनेक्शन बनाने के लिए कैमरा सेटिंग्स की आवश्यकता होती है।",
+      "only_h264": "वर्तमान में केवल H264 RTSP स्ट्रीम समर्थित हैं।",
+      "rtsp_url": "RTSP  URL",
+      "rtsp_h264": "आपके कैमरे से H264 RTSP कनेक्शन।",
+      "sub_rtsp_url": "दुसरी RTSP URL (लाइवस्ट्रीमिंग के लिए प्रयुक्त)",
+      "sub_rtsp_h264": "आपके कैमरे के कम रिज़ॉल्यूशन के लिए एक दुसरी RTSP कनेक्शन।",
+      "onvif": "ONVIF",
+      "description_onvif": "ONVIF क्षमताओं के साथ संचार करने के लिए क्रेडेन्शियल। ",
+      "onvif_xaddr": "ONVIF xaddr",
+      "onvif_username": "ONVIF उपयोक्तानाम",
+      "onvif_password": "ओएनवीआईएफ पासवर्ड",
+      "verify_connection": "कनेक्शन सत्यापित करें",
+      "verify_sub_connection": "उप कनेक्शन सत्यापित करें"
+    },
+    "recording": {
+      "recording": "रिकॉर्डिंग",
+      "description_recording": "निर्दिष्ट करें कि आप रिकॉर्डिंग कैसे करना चाहेंगे. ",
+      "continuous_recording": "लगातार रिकॉर्डिंग",
+      "description_continuous_recording": "24/7 या गति आधारित रिकॉर्डिंग करें।",
+      "max_duration": "अधिकतम वीडियो अवधि (सेकंड)",
+      "description_max_duration": "रिकॉर्डिंग की अधिकतम अवधि.",
+      "pre_recording": "पूर्व रिकॉर्डिंग (key frames buffered)",
+      "description_pre_recording": "किसी घटना के घटित होने से सेकंड पहले.",
+      "post_recording": "पोस्ट रिकॉर्डिंग (सेकंड)",
+      "description_post_recording": "किसी घटना के घटित होने के सेकंड बाद.",
+      "threshold": "रिकॉर्डिंग सीमा (पिक्सेल)",
+      "description_threshold": "रिकॉर्ड करने के लिए पिक्सेल की संख्या बदल दी गई",
+      "autoclean": "अपने आप क्लीन करे",
+      "description_autoclean": "निर्दिष्ट करें कि क्या Kerberos एजेंट एक विशिष्ट क्षमता (एमबी) तक पहुंचने पर रिकॉर्डिंग को क्लीन कर सकता है। ",
+      "autoclean_enable": "स्वतः क्लीन सक्षम करें",
+      "autoclean_description_enable": "क्षमता पूरी होने पर सबसे पुरानी रिकॉर्डिंग हटा दें।",
+      "autoclean_max_directory_size": "अधिकतम डिरेक्टरी आकार (एमबी)",
+      "autoclean_description_max_directory_size": "संग्रहीत रिकॉर्डिंग की अधिकतम एमबी।",
+      "fragmentedrecordings": "खंडित रिकॉर्डिंग",
+      "description_fragmentedrecordings": "जब रिकॉर्डिंग खंडित हो जाती हैं तो वे HLS स्ट्रीम के लिए उपयुक्त होती हैं। ",
+      "fragmentedrecordings_enable": "विखंडन सक्षम करें",
+      "fragmentedrecordings_description_enable": "HLS के लिए खंडित रिकॉर्डिंग आवश्यक हैं।",
+      "fragmentedrecordings_duration": "खंड अवधि",
+      "fragmentedrecordings_description_duration": "एक टुकड़े की अवधि."
+    },
+    "streaming": {
+      "stun_turn": "WebRTC के लिए STUN/TURN",
+      "description_stun_turn": "पूर्ण-रिज़ॉल्यूशन लाइवस्ट्रीमिंग के लिए हम WebRTC की अवधारणा का उपयोग करते हैं। ",
+      "stun_server": "STUN server",
+      "turn_server": "TURN server",
+      "turn_username": "उपयोगकर्ता नाम",
+      "turn_password": "पासवर्ड",
+      "stun_turn_forward": "फोरवर्डींग और ट्रांसकोडिंग",
+      "stun_turn_description_forward": "TURN/STUN संचार के लिए अनुकूलन और संवर्द्धन।",
+      "stun_turn_webrtc": "WebRTC ब्रोकर को फोरवर्डींग किया जा रहा है",
+      "stun_turn_description_webrtc": "MQTT के माध्यम से h264 स्ट्रीम को फोरवर्डींग करें",
+      "stun_turn_transcode": "ट्रांसकोड स्ट्रीम",
+      "stun_turn_description_transcode": "स्ट्रीम को कम रिज़ॉल्यूशन में बदलें",
+      "stun_turn_downscale": "डाउनस्केल रिज़ॉल्यूशन (% या मूल रिज़ॉल्यूशन में)",
+      "mqtt": "MQTT",
+      "description_mqtt": "एक MQTT ब्रोकर का उपयोग काम्युनिकेट करने के लिए किया जाता है",
+      "description2_mqtt": "उदाहरण के लिए लाइवस्ट्रीमिंग या ONVIF (PTZ) क्षमताओं को प्राप्त करने के लिए Kerberos एजेंट को।",
+      "mqtt_brokeruri": "Broker Uri",
+      "mqtt_username": "उपयोगकर्ता नाम",
+      "mqtt_password": "पासवर्ड"
+    },
+    "conditions": {
+      "timeofinterest": "रुचि का समय",
+      "description_timeofinterest": "रिकॉर्डिंग केवल विशिष्ट समय अंतराल (समय क्षेत्र के आधार पर) के बीच करें।",
+      "timeofinterest_enabled": "सक्रिय",
+      "timeofinterest_description_enabled": "सक्षम होने पर आप समय विंडो निर्दिष्ट कर सकते हैं",
+      "sunday": "रविवार",
+      "monday": "सोमवार",
+      "tuesday": "मंगलवार",
+      "wednesday": "बुधवार",
+      "thursday": "गुरुवार",
+      "friday": "शुक्रवार",
+      "saturday": "शनिवार",
+      "externalcondition": "बाह्य स्थिति",
+      "description_externalcondition": "बाहरी वेबसेवा के आधार पर रिकॉर्डिंग को सक्षम या अक्षम किया जा सकता है।",
+      "regionofinterest": "दिलचस्पी के क्षेत्र",
+      "description_regionofinterest": "एक या अधिक क्षेत्रों को परिभाषित करने से, गति को केवल आपके द्वारा परिभाषित क्षेत्रों में ही ट्रैक किया जाएगा।"
+    },
+    "persistence": {
+      "kerberoshub": "Kerberos हब",
+      "description_kerberoshub": "Kerberos एजेंट दिल की धड़कनों को सेंट्रल में भेज सकते हैं",
+      "description2_kerberoshub": "आपके वीडियो परिदृश्य के बारे में वास्तविक समय की जानकारी दिखाने के लिए दिल की धड़कन और अन्य प्रासंगिक जानकारी को केर्बरोस हब से समन्वयित किया जाता है।",
+      "persistence": "अटलता",
+      "saasoffering": "Kerberos हब (SAAS offering)",
+      "description_persistence": "अपनी रिकॉर्डिंग संग्रहीत करने की क्षमता होना हर चीज़ की शुरुआत है। ",
+      "description2_persistence": ", या कोई तृतीय पक्ष प्रदाता",
+      "select_persistence": "एक दृढ़ता का चयन करें",
+      "kerberoshub_proxyurl": "Kerberos हब प्रॉक्सी  URL",
+      "kerberoshub_description_proxyurl": "आपकी रिकॉर्डिंग अपलोड करने के लिए प्रॉक्सी एंडपॉइंट।",
+      "kerberoshub_apiurl": "Kerberos हब API  URL",
+      "kerberoshub_description_apiurl": "आपकी रिकॉर्डिंग अपलोड करने के लिए API एंडपॉइंट।",
+      "kerberoshub_publickey": "सार्वजनिक की",
+      "kerberoshub_description_publickey": "आपके Kerberos हब खाते को दी गई सार्वजनिक की।",
+      "kerberoshub_privatekey": "निजी चाबी",
+      "kerberoshub_description_privatekey": "आपके Kerberos हब खाते को दी गई निजी की।",
+      "kerberoshub_site": "साइट",
+      "kerberoshub_description_site": "साइट आईडी Kerberos एजेंट Kerberos हब से संबंधित हैं।",
+      "kerberoshub_region": "क्षेत्र",
+      "kerberoshub_description_region": "जिस क्षेत्र में हम अपनी रिकॉर्डिंग संग्रहीत कर रहे हैं।",
+      "kerberoshub_bucket": "बकेट",
+      "kerberoshub_description_bucket": "जिस बकेट में हम अपनी रिकॉर्डिंग संग्रहीत कर रहे हैं।",
+      "kerberoshub_username": "उपयोगकर्ता नाम/निर्देशिका (Kerberos हब उपयोगकर्ता नाम से मेल खाना चाहिए)",
+      "kerberoshub_description_username": "आपके Kerberos हब खाते का उपयोगकर्ता नाम।",
+      "kerberosvault_apiurl": "Kerberos वॉल्ट API  URL",
+      "kerberosvault_description_apiurl": "कर्बरोस वॉल्ट एपीआई",
+      "kerberosvault_provider": "प्रदाता",
+      "kerberosvault_description_provider": "वह प्रदाता जिसे आपकी रिकॉर्डिंग भेजी जाएगी।",
+      "kerberosvault_directory": "निर्देशिका (Kerberos हब उपयोगकर्ता नाम से मेल खाना चाहिए)",
+      "kerberosvault_description_directory": "उप निर्देशिका रिकॉर्डिंग आपके प्रदाता में संग्रहीत की जाएगी।",
+      "kerberosvault_accesskey": "प्रवेश की चाबी",
+      "kerberosvault_description_accesskey": "आपके Kerberos वॉल्ट खाते की एक्सेस की।",
+      "kerberosvault_secretkey": "गुप्त की",
+      "kerberosvault_description_secretkey": "आपके कर्बेरोस वॉल्ट खाते की गुप्त की।",
+      "dropbox_directory": "निर्देशिका",
+      "dropbox_description_directory": "वह उप निर्देशिका जहां रिकॉर्डिंग आपके ड्रॉपबॉक्स खाते में संग्रहीत की जाएगी।",
+      "dropbox_accesstoken": "एक्सेस टोकन",
+      "dropbox_description_accesstoken": "आपके ड्रॉपबॉक्स खाते/ऐप का एक्सेस टोकन।",
+      "verify_connection": "कनेक्शन सत्यापित करें",
+      "remove_after_upload": "एक बार जब रिकॉर्डिंग कुछ दृढ़ता पर अपलोड हो जाती है, तो हो सकता है कि आप उन्हें स्थानीय Kerberos एजेंट से हटाना चाहें।",
+      "remove_after_upload_description": "सफलतापूर्वक अपलोड होने के बाद रिकॉर्डिंग हटा दें।",
+      "remove_after_upload_enabled": "अपलोड पर डिलीट सक्षम"
+    }
+  }
+}
--- a/ui/public/locales/it/translation.json
+++ b/ui/public/locales/it/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Configurazione avanzata",
      "description_advanced_configuration": "Opzioni di configurazione dettagliate per abilitare o disabilitare parti specifiche del Kerberos Agent",
      "offline_mode": "Modalità offline",
-      "description_offline_mode": "Disabilita traffico in uscita"
+      "description_offline_mode": "Disabilita traffico in uscita",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Videocamera",
--- a/ui/public/locales/ja/translation.json
+++ b/ui/public/locales/ja/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "詳細設定",
      "description_advanced_configuration": "Kerberos エージェントの特定の部分を有効または無効にするための詳細な構成オプション",
      "offline_mode": "オフラインモード",
-      "description_offline_mode": "すべての送信トラフィックを無効にする"
+      "description_offline_mode": "すべての送信トラフィックを無効にする",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "カメラ",
--- a/ui/public/locales/nl/translation.json
+++ b/ui/public/locales/nl/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Geavanceerde instellingen",
      "description_advanced_configuration": "Detail instellingen om bepaalde functionaliteiten van je Kerberos Agent aan en uit te zetten",
      "offline_mode": "Offline modus",
-      "description_offline_mode": "Uitzetten van uitgaande connectiviteit"
+      "description_offline_mode": "Uitzetten van uitgaande connectiviteit",
+      "encryption": "Encrypteer",
+      "description_encryption": "Activeer encryptie voor alle uitgaande verkeer. MQTT berichten en/of opnames worden geencrypteerd met AES-256. Een private sleutel wordt gebruikt voor het ondertekenen.",
+      "encryption_enabled": "Activeer MQTT encryptie",
+      "description_encryption_enabled": "Activeer encryptie voor alle MQTT berichten.",
+      "encryption_recordings_enabled": "Activeer opname encryptie",
+      "description_encryption_recordings_enabled": "Activeer encryptie voor alle opnames.",
+      "encryption_fingerprint": "Vingerafdruk",
+      "encryption_privatekey": "Private sleutel",
+      "encryption_symmetrickey": "Symmetrische sleutel"
    },
    "camera": {
      "camera": "Camera",
--- a/ui/public/locales/pl/translation.json
+++ b/ui/public/locales/pl/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Advanced configuration",
      "description_advanced_configuration": "Detailed configuration options to enable or disable specific parts of the Kerberos Agent",
      "offline_mode": "Offline mode",
-      "description_offline_mode": "Disable all outgoing traffic"
+      "description_offline_mode": "Disable all outgoing traffic",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Camera",
--- a/ui/public/locales/pt/translation.json
+++ b/ui/public/locales/pt/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "Configurações avançadas",
      "description_advanced_configuration": "Opções de configuração detalhadas para habilitar ou desabilitar partes específicas do Kerberos Agent",
      "offline_mode": "Modo Offline",
-      "description_offline_mode": "Desative todo o tráfego de saída"
+      "description_offline_mode": "Desative todo o tráfego de saída",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "Câmera",
--- a/ui/public/locales/zh/translation.json
+++ b/ui/public/locales/zh/translation.json
@@ -85,7 +85,16 @@
      "advanced_configuration": "高级配置",
      "description_advanced_configuration": "启用或禁用 Kerberos Agent 特定部分详细配置选项",
      "offline_mode": "离线模式",
-      "description_offline_mode": "禁用所有传出流量"
+      "description_offline_mode": "禁用所有传出流量",
+      "encryption": "Encryption",
+      "description_encryption": "Enable encryption for all outgoing traffic. MQTT messages and/or recordings will be encrypted using AES-256. A private key is used for signing.",
+      "encryption_enabled": "Enable MQTT encryption",
+      "description_encryption_enabled": "Enable encryption for all MQTT messages.",
+      "encryption_recordings_enabled": "Enable recording encryption",
+      "description_encryption_recordings_enabled": "Enable encryption for all recordings.",
+      "encryption_fingerprint": "Fingerprint",
+      "encryption_privatekey": "Private key",
+      "encryption_symmetrickey": "Symmetric key"
    },
    "camera": {
      "camera": "相机",
--- a/ui/src/components/LanguageSelect/LanguageSelect.jsx
+++ b/ui/src/components/LanguageSelect/LanguageSelect.jsx
@@ -24,6 +24,7 @@ const LanguageSelect = () => {
    pt: { label: 'Português', dir: 'ltr', active: false },
    es: { label: 'Español', dir: 'ltr', active: false },
    ja: { label: '日本', dir: 'rlt', active: false },
+    hi: { label: 'हिंदी', dir: 'ltr', active: false },
  };

  if (!languageMap[selected]) {
--- a/ui/src/pages/Settings/Settings.jsx
+++ b/ui/src/pages/Settings/Settings.jsx
@@ -810,6 +810,24 @@ class Settings extends React.Component {
                      this.onUpdateDropdown('', 'timezone', value[0], config)
                    }
                  />
+                  <br />
+                  <hr />
+                  <p>
+                    {t('settings.overview.description_advanced_configuration')}
+                  </p>
+                  <div className="toggle-wrapper">
+                    <Toggle
+                      on={config.offline === 'true'}
+                      disabled={false}
+                      onClick={(event) =>
+                        this.onUpdateToggle('', 'offline', event, config)
+                      }
+                    />
+                    <div>
+                      <span>{t('settings.overview.offline_mode')}</span>
+                      <p>{t('settings.overview.description_offline_mode')}</p>
+                    </div>
+                  </div>
                </BlockBody>
                <BlockFooter>
                  <Button
@@ -1239,25 +1257,95 @@ class Settings extends React.Component {
            {showOverviewSection && (
              <Block>
                <BlockHeader>
-                  <h4>{t('settings.overview.advanced_configuration')}</h4>
+                  <h4>{t('settings.overview.encryption')}</h4>
                </BlockHeader>
                <BlockBody>
-                  <p>
-                    {t('settings.overview.description_advanced_configuration')}
-                  </p>
+                  <p>{t('settings.overview.description_encryption')}</p>
                  <div className="toggle-wrapper">
                    <Toggle
-                      on={config.offline === 'true'}
+                      on={config.encryption.enabled === 'true'}
                      disabled={false}
                      onClick={(event) =>
-                        this.onUpdateToggle('', 'offline', event, config)
+                        this.onUpdateToggle(
+                          'encryption',
+                          'enabled',
+                          event,
+                          config.encryption
+                        )
                      }
                    />
                    <div>
-                      <span>{t('settings.overview.offline_mode')}</span>
-                      <p>{t('settings.overview.description_offline_mode')}</p>
+                      <span>{t('settings.overview.encryption_enabled')}</span>
+                      <p>
+                        {t('settings.overview.description_encryption_enabled')}
+                      </p>
                    </div>
                  </div>
+
+                  <div className="toggle-wrapper">
+                    <Toggle
+                      on={config.encryption.recordings === 'true'}
+                      disabled={false}
+                      onClick={(event) =>
+                        this.onUpdateToggle(
+                          'encryption',
+                          'recordings',
+                          event,
+                          config.encryption
+                        )
+                      }
+                    />
+                    <div>
+                      <span>
+                        {t('settings.overview.encryption_recordings_enabled')}
+                      </span>
+                      <p>
+                        {t(
+                          'settings.overview.description_encryption_recordings_enabled'
+                        )}
+                      </p>
+                    </div>
+                  </div>
+
+                  <Input
+                    noPadding
+                    label={t('settings.overview.encryption_fingerprint')}
+                    value={config.encryption.fingerprint}
+                    onChange={(value) =>
+                      this.onUpdateField(
+                        'encryption',
+                        'fingerprint',
+                        value,
+                        config.encryption
+                      )
+                    }
+                  />
+                  <Input
+                    noPadding
+                    label={t('settings.overview.encryption_privatekey')}
+                    value={config.encryption.private_key}
+                    onChange={(value) =>
+                      this.onUpdateField(
+                        'encryption',
+                        'private_key',
+                        value,
+                        config.encryption
+                      )
+                    }
+                  />
+                  <Input
+                    noPadding
+                    label={t('settings.overview.encryption_symmetrickey')}
+                    value={config.encryption.symmetric_key}
+                    onChange={(value) =>
+                      this.onUpdateField(
+                        'encryption',
+                        'symmetric_key',
+                        value,
+                        config.encryption
+                      )
+                    }
+                  />
                </BlockBody>
                <BlockFooter>
                  <Button
Author	SHA1	Message	Date
Cedric Verstraeten	efcbf52b06	Merge branch 'master' of https://github.com/kerberos-io/agent	2023-11-06 17:07:50 +01:00
Cedric Verstraeten	c33469a7b3	add --fix-missing to fix random broken builds (armv6 image)	2023-11-06 17:07:35 +01:00
Cédric Verstraeten	3717535f0b	Merge pull request #121 from Chaitanya110703/patch-1 doc(README): remove typo	2023-11-06 16:54:28 +01:00
Cedric Verstraeten	8eb2de5e28	When Kerberos Vault is configured without Kerberos Hub, cameras do not show up in Kerberos Vault #123	2023-11-06 14:37:54 +01:00
Cedric Verstraeten	96f6bcb1dd	test file in wrong directory	2023-11-03 13:18:00 +01:00
Cedric Verstraeten	860077a3eb	turn off linting for: jsx-a11y/control-has-associated-label	2023-11-02 08:28:26 +01:00
Cedric Verstraeten	8be9343314	upgrade joy issues with audio codec (wrong FFMPEG version)	2023-11-02 08:15:32 +01:00
Cedric Verstraeten	dac04fbb57	upgrade joy for https://github.com/kerberos-io/agent/issues/105	2023-11-01 22:03:48 +01:00
Cedric Verstraeten	b9acf4c150	hot fix: factory needs to override encryption settings	2023-10-24 22:50:55 +02:00
Chaitanya110703	6608018f86	doc(README): remove typo	2023-10-24 21:25:45 +05:30
Cedric Verstraeten	552f5dbea6	hotfix: check if encryption is set for old agents	2023-10-24 17:52:09 +02:00
Cedric Verstraeten	2844a5a419	webrtc: disable relay allow other	2023-10-24 16:44:42 +02:00
Cedric Verstraeten	c4b9610f58	hotfix: mqtt webrtc - wrong session key	2023-10-24 16:22:15 +02:00
Cedric Verstraeten	6a44498730	hot fix: readd locks	2023-10-24 13:39:17 +02:00
Cedric Verstraeten	a2cebaf90b	hot fix: wait for token in webrtc	2023-10-24 13:14:14 +02:00
Cedric Verstraeten	3f58f26dfd	decrypt recordings through the UI automatically using the existing AES key, you can still use the decrypt action or openssl afterwards	2023-10-23 14:38:29 +02:00
Cedric Verstraeten	a8d5f56f1e	hotfix - build error encryption key value	2023-10-23 11:07:54 +02:00
Cédric Verstraeten	1eb62d80c7	add encryption + end-to-end encryption to feature list	2023-10-23 10:59:13 +02:00
Cedric Verstraeten	e474a62dbc	Add hindi #119 + allow recordings encryption + decryption tooling.	2023-10-23 10:56:36 +02:00
Cédric Verstraeten	f29b952001	Merge pull request #119 from fadkeabhi/feat#47-add-hindi-language-support Added transaltions for hindi language	2023-10-22 22:15:07 +02:00
ABHISHEK FADAKE	839185dac8	Added transaltions for hindi language	2023-10-03 19:24:47 +05:30