update speech utils version (#388 )

support rimelabs new voices (#387 )
support rime mistv2 model (#386 )
2026-01-25 02:08:24 +00:00 · 2025-02-07 08:00:21 -05:00 · 2025-02-07 07:22:42 -05:00 · 2025-02-06 21:36:34 -05:00 · 2025-02-05 08:32:36 -05:00 · 2025-02-05 00:06:58 -05:00
19 changed files with 554 additions and 86 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,5 +23,6 @@ jobs:
          sudo chmod +x /usr/local/bin/docker-compose
          docker-compose --version
      - run: npm test
+      - run: npm run test:encrypt-decrypt

 
--- a/lib/models/account.js
+++ b/lib/models/account.js
@@ -56,9 +56,13 @@ AND effective_end_date IS NULL
 AND pending = 0`;

 const extractBucketCredential = (obj) => {
-  const {bucket_credential} = obj;
-  if (bucket_credential) {
-    obj.bucket_credential = JSON.parse(decrypt(bucket_credential));
+  try {
+    const {bucket_credential} = obj;
+    if (bucket_credential) {
+      obj.bucket_credential = JSON.parse(decrypt(bucket_credential));
+    }
+  } catch (error) {
+    console.error('Error while decrypting data', error);
  }
 };

--- a/lib/models/client.js
+++ b/lib/models/client.js
@@ -13,9 +13,9 @@ class Client extends Model {
  }

  static async retrieveAllByServiceProviderSid(service_provider_sid) {
-    const sql = `SELECT c.client_sid, c.account_sid, c.is_active, c.username, c.hashed_password
+    const sql = `SELECT c.client_sid, c.account_sid, c.is_active, c.username, c.password
      FROM ${this.table} AS c LEFT JOIN accounts AS acc ON c.account_sid = acc.account_sid
-      LEFT JOIN service_providers AS sp ON sp.service_provider_sid = accs.service_provider_sid
+      LEFT JOIN service_providers AS sp ON sp.service_provider_sid = acc.service_provider_sid
      WHERE sp.service_provider_sid = ?`;
    const [rows] = await promisePool.query(sql, service_provider_sid);
    return rows;
--- a/lib/routes/api/accounts.js
+++ b/lib/routes/api/accounts.js
@@ -19,11 +19,12 @@ const {
  parseCallSid,
  enableSubspace,
  disableSubspace,
-  parseVoipCarrierSid
+  parseVoipCarrierSid,
+  hasValue,
 } = require('./utils');
 const short = require('short-uuid');
 const VoipCarrier = require('../../models/voip-carrier');
-const { encrypt } = require('../../utils/encrypt-decrypt');
+const { encrypt, obscureBucketCredentialsSensitiveData, isObscureKey } = require('../../utils/encrypt-decrypt');
 const { testS3Storage, testGoogleStorage, testAzureStorage } = require('../../utils/storage-utils');
 const translator = short();

@@ -555,9 +556,12 @@ router.get('/:sid', async(req, res) => {
    const account_sid = parseAccountSid(req);
    await validateRequest(req, account_sid);
    const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
-    const results = await Account.retrieve(account_sid, service_provider_sid);
-    if (results.length === 0) return res.status(404).end();
-    return res.status(200).json(results[0]);
+    const [result] = await Account.retrieve(account_sid, service_provider_sid) || [];
+    if (!result) return res.status(404).end();
+
+    result.bucket_credential = obscureBucketCredentialsSensitiveData(result.bucket_credential);
+
+    return res.status(200).json(result);
  }
  catch (err) {
    sysError(logger, res, err);
@@ -639,19 +643,21 @@ router.delete('/:sid/SubspaceTeleport', async(req, res) => {
  }
 });

-function encryptBucketCredential(obj) {
-  if (!obj.bucket_credential) return;
+function encryptBucketCredential(obj, storedCredentials = {}) {
+  if (!hasValue(obj?.bucket_credential)) return;
  const {
    vendor,
    region,
    name,
    access_key_id,
-    secret_access_key,
    tags,
-    service_key,
-    connection_string,
    endpoint
  } = obj.bucket_credential;
+  let {
+    secret_access_key,
+    service_key,
+    connection_string
+  } = obj.bucket_credential;

  switch (vendor) {
    case 'aws_s3':
@@ -659,6 +665,9 @@ function encryptBucketCredential(obj) {
      assert(secret_access_key, 'invalid aws S3 bucket credential: secret_access_key is required');
      assert(name, 'invalid aws bucket name: name is required');
      assert(region, 'invalid aws bucket region: region is required');
+      if (isObscureKey(obj.bucket_credential) && hasValue(storedCredentials)) {
+        secret_access_key = storedCredentials.secret_access_key;
+      }
      const awsData = JSON.stringify({vendor, region, name, access_key_id,
        secret_access_key, tags});
      obj.bucket_credential = encrypt(awsData);
@@ -668,18 +677,27 @@ function encryptBucketCredential(obj) {
      assert(secret_access_key, 'invalid aws S3 bucket credential: secret_access_key is required');
      assert(name, 'invalid aws bucket name: name is required');
      assert(endpoint, 'invalid endpoint uri: endpoint is required');
+      if (isObscureKey(obj.bucket_credential) && hasValue(storedCredentials)) {
+        secret_access_key = storedCredentials.secret_access_key;
+      }
      const s3Data = JSON.stringify({vendor, endpoint, name, access_key_id,
        secret_access_key, tags});
      obj.bucket_credential = encrypt(s3Data);
      break;
    case 'google':
      assert(service_key, 'invalid google cloud storage credential: service_key is required');
+      if (isObscureKey(obj.bucket_credential) && hasValue(storedCredentials)) {
+        service_key = storedCredentials.service_key;
+      }
      const googleData = JSON.stringify({vendor, name, service_key, tags});
      obj.bucket_credential = encrypt(googleData);
      break;
    case 'azure':
      assert(name, 'invalid azure container name: name is required');
      assert(connection_string, 'invalid azure cloud storage credential: connection_string is required');
+      if (isObscureKey(obj.bucket_credential) && hasValue(storedCredentials)) {
+        connection_string = storedCredentials.connection_string;
+      }
      const azureData = JSON.stringify({vendor, name, connection_string, tags});
      obj.bucket_credential = encrypt(azureData);
      break;
@@ -737,7 +755,17 @@ router.put('/:sid', async(req, res) => {
      delete obj.registration_hook;
      delete obj.queue_event_hook;

-      encryptBucketCredential(obj);
+      let storedBucketCredentials = {};
+      if (isObscureKey(obj?.bucket_credential)) {
+        const [account] = await Account.retrieve(sid) || [];
+        /* to avoid overwriting valid credentials with the obscured secret,
+         * that the frontend might send, we pass the stored account bucket credentials
+         * in the case it is a obscured key, we replace it with the stored one
+         */
+        storedBucketCredentials = account.bucket_credential;
+      }
+
+      encryptBucketCredential(obj, storedBucketCredentials);

      const rowsAffected = await Account.update(sid, obj);
      if (rowsAffected === 0) {
@@ -837,6 +865,13 @@ router.post('/:sid/BucketCredentialTest', async(req, res) => {
  try {
    const account_sid = parseAccountSid(req);
    await validateRequest(req, account_sid);
+    /* if the req.body bucket credentials contain an obscured key, replace with stored account.bucket_credential */
+    if (isObscureKey(req.body)) {
+      const service_provider_sid = req.user.hasServiceProviderAuth ? req.user.service_provider_sid : null;
+      const [account] = await Account.retrieve(account_sid, service_provider_sid) || [];
+      if (!account) return res.status(404).end();
+      req.body = account.bucket_credential;
+    }
    const {vendor, name, region, access_key_id, secret_access_key, service_key, connection_string, endpoint} = req.body;
    const ret = {
      status: 'not tested'
--- a/lib/routes/api/register.js
+++ b/lib/routes/api/register.js
@@ -3,7 +3,7 @@ const debug = require('debug')('jambonz:api-server');
 const {DbErrorBadRequest, DbErrorUnprocessableRequest} = require('../../utils/errors');
 const {promisePool} = require('../../db');
 const {doGithubAuth, doGoogleAuth, doLocalAuth} = require('../../utils/oauth-utils');
-const {validateEmail} = require('../../utils/email-utils');
+const {validateEmail, emailSimpleText} = require('../../utils/email-utils');
 const {cacheClient} = require('../../helpers');
 const { v4: uuid } = require('uuid');
 const short = require('short-uuid');
@@ -12,6 +12,7 @@ const jwt = require('jsonwebtoken');
 const {setupFreeTrial, createTestCdrs, createTestAlerts} = require('./utils');
 const {generateHashedPassword} = require('../../utils/password-utils');
 const sysError = require('../error');
+
 const insertUserSql = `INSERT into users 
 (user_sid, account_sid, name, email, provider, provider_userid, email_validated) 
 values (?, ?, ?, ?, ?, ?, 1)`;
@@ -36,6 +37,17 @@ const insertSignupHistorySql = `INSERT into signup_history
 (email, name) 
 values (?, ?)`;

+const slackEmail = `Hi there and welcome to jambonz!
+
+We are excited to have you on board. Feel free to join the community on Slack at https://joinslack.jambonz.org, 
+where you can connect with other jambonz users, ask questions, share your experiences, and learn from others.
+
+Hope to see you there!
+
+Best, 
+
+DaveH and the jambonz team`;
+
 const addLocalUser = async(logger, user_sid, account_sid,
  name, email, email_activation_code, passwordHash, service_provider_sid) => {
  const [r] = await promisePool.execute(insertUserLocalSql,
@@ -324,6 +336,15 @@ router.post('/', async(req, res) => {
        tutorial_completion: 0,
        scope: 'read-write'
      });
+
+      // send invite to Slack
+      if (process.env.SEND_SLACK_INVITE_ON_SIGNUP) {
+        try {
+          emailSimpleText(logger, userProfile.email, 'Welcome to jambonz!', slackEmail);
+        } catch (err) {
+          logger.info({err}, 'Error sending slack invite');
+        }
+      }
    }
    else if (user_sid) {
      /* add a new user for existing account */
--- a/lib/routes/api/speech-credentials.js
+++ b/lib/routes/api/speech-credentials.js
@@ -12,7 +12,8 @@ const {decryptCredential, testWhisper, testDeepgramTTS,
  testVerbioTts,
  testVerbioStt,
  testSpeechmaticsStt,
-  testCartesia} = require('../../utils/speech-utils');
+  testCartesia,
+  testVoxistStt} = require('../../utils/speech-utils');
 const {DbErrorUnprocessableRequest, DbErrorForbidden, DbErrorBadRequest} = require('../../utils/errors');
 const {
  testGoogleTts,
@@ -142,6 +143,7 @@ const encryptCredential = (obj) => {
    instance_id,
    custom_stt_url,
    custom_tts_url,
+    custom_tts_streaming_url,
    auth_token = '',
    cobalt_server_uri,
    model_id,
@@ -269,6 +271,11 @@ const encryptCredential = (obj) => {
      const assemblyaiData = JSON.stringify({api_key});
      return encrypt(assemblyaiData);

+    case 'voxist':
+      assert(api_key, 'invalid voxist speech credential: api_key is required');
+      const voxistData = JSON.stringify({api_key});
+      return encrypt(voxistData);
+
    case 'whisper':
      assert(api_key, 'invalid whisper speech credential: api_key is required');
      assert(model_id, 'invalid whisper speech credential: model_id is required');
@@ -284,7 +291,7 @@ const encryptCredential = (obj) => {

    default:
      if (vendor.startsWith('custom:')) {
-        const customData = JSON.stringify({auth_token, custom_stt_url, custom_tts_url});
+        const customData = JSON.stringify({auth_token, custom_stt_url, custom_tts_url, custom_tts_streaming_url});
        return encrypt(customData);
      }
      else assert(false, `invalid or missing vendor: ${vendor}`);
@@ -468,6 +475,7 @@ router.put('/:sid', async(req, res) => {
          custom_stt_endpoint_url,
          custom_stt_url,
          custom_tts_url,
+          custom_tts_streaming_url,
          cobalt_server_uri,
          model_id,
          voice_engine,
@@ -496,6 +504,7 @@ router.put('/:sid', async(req, res) => {
          nuance_tts_uri,
          custom_stt_url,
          custom_tts_url,
+          custom_tts_streaming_url,
          cobalt_server_uri,
          model_id,
          voice_engine,
@@ -850,6 +859,18 @@ router.get('/:sid/test', async(req, res) => {
          SpeechCredential.sttTestResult(sid, false);
        }
      }
+    } else if (cred.vendor === 'voxist') {
+      const {api_key} = credential;
+      if (cred.use_for_stt) {
+        try {
+          await testVoxistStt(logger, {api_key});
+          results.stt.status = 'ok';
+          SpeechCredential.sttTestResult(sid, true);
+        } catch (err) {
+          results.stt = {status: 'fail', reason: err.message};
+          SpeechCredential.sttTestResult(sid, false);
+        }
+      }
    } else if (cred.vendor === 'whisper') {
      if (cred.use_for_tts) {
        try {
--- a/lib/routes/api/utils.js
+++ b/lib/routes/api/utils.js
@@ -440,6 +440,22 @@ const validatePasswordSettings = async(password) => {
  return;
 };

+function hasValue(data) {
+  if (typeof data === 'string') {
+    return data && data.length > 0;
+  } else if (Array.isArray(data)) {
+    return data && data.length > 0;
+  } else if (typeof data === 'object') {
+    return data && Object.keys(data).length > 0;
+  } else if (typeof data === 'number') {
+    return data !== null;
+  } else if (typeof data === 'boolean') {
+    return data !== null;
+  } else {
+    return false;
+  }
+}
+
 module.exports = {
  setupFreeTrial,
  createTestCdrs,
@@ -460,5 +476,6 @@ module.exports = {
  checkLimits,
  enableSubspace,
  disableSubspace,
-  validatePasswordSettings
+  validatePasswordSettings,
+  hasValue,
 };
--- a/lib/utils/encrypt-decrypt.js
+++ b/lib/utils/encrypt-decrypt.js
@@ -17,10 +17,15 @@ const encrypt = (text) => {
 };

 const decrypt = (data) => {
-  const hash = JSON.parse(data);
-  const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
-  const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
-  return decrpyted.toString();
+  try {
+    const hash = JSON.parse(data);
+    const decipher = crypto.createDecipheriv(algorithm, secretKey, Buffer.from(hash.iv, 'hex'));
+    const decrpyted = Buffer.concat([decipher.update(Buffer.from(hash.content, 'hex')), decipher.final()]);
+    return decrpyted.toString();
+  } catch (error) {
+    console.error('Error while decrypting data', error);
+    return '{}';
+  }
 };

 const obscureKey = (key, key_spoiler_length = 6) => {
@@ -33,8 +38,85 @@ const obscureKey = (key, key_spoiler_length = 6) => {
  return `${key.slice(0, key_spoiler_length)}${key_spoiler_char.repeat(key.length - key_spoiler_length)}`;
 };

+function isObscureKey(bucketCredentials) {
+  if (!bucketCredentials) {
+    return false;
+  }
+
+  try {
+    const {
+      vendor,
+      secret_access_key = '',
+      service_key = '',
+      connection_string = ''
+    } = bucketCredentials || {};
+    let pattern;
+    switch (vendor) {
+      case 'aws_s3':
+      case 's3_compatible':
+        pattern = /^([A-Za-z0-9]{4,6}X+$)/;
+        return pattern.test(secret_access_key);
+      case 'azure':
+        pattern = /^https:[A-Za-z0-9\/.:?=&_-]+$/;
+        return pattern.test(connection_string);
+
+      case 'google': {
+        pattern = /^([A-Za-z0-9]{4,6}X+$)/;
+        let {private_key} = JSON.parse(service_key);
+        const key_header = '-----BEGIN PRIVATE KEY-----\n';
+        private_key = private_key.slice(key_header.length, private_key.length);
+        return pattern.test(private_key || '');
+      }
+    }
+    return false;
+  } catch (error) {
+    console.log('Error in isObscureKey', error);
+    return false;
+  }
+}
+
+/**
+ * obscure sensitive data in bucket credentials
+ * an obscured key contains of 6 'spoiled' characters of the key followed by 'X' characters
+ * '123456XXXXXXXXXXXXXXXXXXXXXXXX'
+ * @param {*} obj
+ * @returns
+ */
+function obscureBucketCredentialsSensitiveData(obj) {
+  if (!obj) return obj;
+  const {vendor, service_key, connection_string, secret_access_key} = obj;
+  switch (vendor) {
+    case 'aws_s3':
+    case 's3_compatible':
+      obj.secret_access_key = obscureKey(secret_access_key);
+      break;
+    case 'google':
+      const o = JSON.parse(service_key);
+      let private_key = o.private_key;
+      if (!isObscureKey(obj)) {
+        const key_header = '-----BEGIN PRIVATE KEY-----\n';
+        private_key = o.private_key.slice(key_header.length, o.private_key.length);
+        private_key = `${key_header}${obscureKey(private_key)}`;
+      }
+      const obscured = {
+        ...o,
+        private_key
+      };
+      obj.service_key = JSON.stringify(obscured);
+      break;
+    case 'azure':
+      obj.connection_string = obscureKey(connection_string);
+      break;
+  }
+
+  return obj;
+}
+
+
 module.exports = {
  encrypt,
  decrypt,
-  obscureKey
+  obscureKey,
+  isObscureKey,
+  obscureBucketCredentialsSensitiveData,
 };
--- a/lib/utils/speech-data/stt-voxist.js
+++ b/lib/utils/speech-data/stt-voxist.js
@@ -0,0 +1,8 @@
+module.exports = [
+  { name: 'English', value: 'en' },
+  { name: 'French', value: 'fr' },
+  { name: 'German', value: 'de' },
+  { name: 'Dutch', value: 'nl' },
+  { name: 'Italian', value: 'it' },
+  { name: 'Spanish', value: 'sp' },
+];
--- a/lib/utils/speech-data/tts-deepgram.js
+++ b/lib/utils/speech-data/tts-deepgram.js
@@ -0,0 +1,28 @@
+const TtsDeepgramLanguagesVoiceRaw = require('./tts-model-deepgram');
+
+const languagesVoices = [];
+
+TtsDeepgramLanguagesVoiceRaw.forEach((data) => {
+  const lang = languagesVoices.find((l) => {
+    return l.value === data.locale;
+  });
+
+  if (!lang) {
+    languagesVoices.push({
+      value: data.locale,
+      name: data.localeName,
+      voices: TtsDeepgramLanguagesVoiceRaw
+        .filter((d) => {
+          return d.locale === data.locale;
+        })
+        .map((d) => {
+          return {
+            value: d.value,
+            name: `${d.name}`,
+          };
+        }),
+    });
+  }
+});
+
+module.exports = languagesVoices;
--- a/lib/utils/speech-data/tts-model-deepgram.js
+++ b/lib/utils/speech-data/tts-model-deepgram.js
@@ -1,14 +1,68 @@
 module.exports = [
-  { name: 'Asteria English (US) Female', value: 'aura-asteria-en' },
-  { name: 'Luna English (US) Female', value: 'aura-luna-en' },
-  { name: 'Stella English (US) Female', value: 'aura-stella-en' },
-  { name: 'Stella English (UK) Female', value: 'aura-athena-en' },
-  { name: 'Hera English (US) Female', value: 'aura-hera-en' },
-  { name: 'Orion English (US) Male', value: 'aura-orion-en' },
-  { name: 'Arcas English (US) Male', value: 'aura-arcas-en' },
-  { name: 'Perseus English (US) Male', value: 'aura-perseus-en' },
-  { name: 'Angus English (Ireland) Male', value: 'aura-angus-en' },
-  { name: 'Orpheus English (US) Male', value: 'aura-orpheus-en' },
-  { name: 'Helios English (UK) Male', value: 'aura-helios-en' },
-  { name: 'Zeus English (US) Male', value: 'aura-zeus-en' },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Asteria English (US) Female',
+    value: 'aura-asteria-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Luna English (US) Female',
+    value: 'aura-luna-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Stella English (US) Female',
+    value: 'aura-stella-en'
+  },
+  {
+    locale: 'en-GB',
+    localeName: 'English (UK)',
+    name: 'Stella English (UK) Female',
+    value: 'aura-athena-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Hera English (US) Female',
+    value: 'aura-hera-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Orion English (US) Male',
+    value: 'aura-orion-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Arcas English (US) Male',
+    value: 'aura-arcas-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Perseus English (US) Male',
+    value: 'aura-perseus-en'
+  },
+  {
+    locale: 'en-IE',
+    localeName: 'English (Ireland)',
+    name: 'Angus English (Ireland) Male',
+    value: 'aura-angus-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Orpheus English (US) Male',
+    value: 'aura-orpheus-en'
+  },
+  {
+    locale: 'en-US',
+    localeName: 'English (US)',
+    name: 'Zeus English (US) Male',
+    value: 'aura-zeus-en'
+  },
 ];
--- a/lib/utils/speech-data/tts-model-elevenlabs.js
+++ b/lib/utils/speech-data/tts-model-elevenlabs.js
@@ -1,8 +1,11 @@
 module.exports = [
  { name: 'Turbo v2', value: 'eleven_turbo_v2' },
  { name: 'Turbo v2.5', value: 'eleven_turbo_v2_5' },
-  { name: 'Multilingual v2', value: 'eleven_multilingual_v2' },
+  { name: 'Flash v2', value: 'eleven_flash_v2' },
+  { name: 'Flash v2.5', value: 'eleven_flash_v2_5' },
  { name: 'Multilingual v1', value: 'eleven_multilingual_v1' },
+  { name: 'Multilingual v2', value: 'eleven_multilingual_v2' },
+  { name: 'Multilingual STS v2', value: 'eleven_multilingual_sts_v2' },
  { name: 'English v1', value: 'eleven_monolingual_v1' },
  { name: 'English v2', value: 'eleven_english_sts_v2' },
 ];
--- a/lib/utils/speech-data/tts-model-rimelabs.js
+++ b/lib/utils/speech-data/tts-model-rimelabs.js
@@ -1,5 +1,6 @@
 module.exports = [
  { name: 'Mist', value: 'mist' },
+  { name: 'Mistv2', value: 'mistv2' },
  { name: 'V1', value: 'v1' },
 ];

--- a/lib/utils/speech-data/tts-verbio.js
+++ b/lib/utils/speech-data/tts-verbio.js
@@ -1,14 +1,4 @@
 module.exports = [
-  {
-    value: 'en-US',
-    name: 'US English',
-    voices: [
-      {
-        value: 'tommy_en_us',
-        name: 'Tommy-Male',
-      },
-    ],
-  },
  {
    value: 'es-ES',
    name: 'Castilian Spanish',
--- a/lib/utils/speech-utils.js
+++ b/lib/utils/speech-utils.js
@@ -22,6 +22,7 @@ const TtsPlayHtLanguagesVoices = require('./speech-data/tts-playht');
 const TtsVerbioLanguagesVoices = require('./speech-data/tts-verbio');

 const TtsModelDeepgram = require('./speech-data/tts-model-deepgram');
+const TtsLanguagesDeepgram = require('./speech-data/tts-deepgram');
 const TtsModelElevenLabs = require('./speech-data/tts-model-elevenlabs');
 const TtsModelWhisper = require('./speech-data/tts-model-whisper');
 const TtsModelPlayHT = require('./speech-data/tts-model-playht');
@@ -40,6 +41,7 @@ const SttCobaltLanguagesVoices = require('./speech-data/stt-cobalt');
 const SttSonioxLanguagesVoices = require('./speech-data/stt-soniox');
 const SttSpeechmaticsLanguagesVoices = require('./speech-data/stt-speechmatics');
 const SttAssemblyaiLanguagesVoices = require('./speech-data/stt-assemblyai');
+const SttVoxistLanguagesVoices = require('./speech-data/stt-voxist');
 const SttVerbioLanguagesVoices = require('./speech-data/stt-verbio');
 const ttsCartesia = require('./speech-data/tts-cartesia');
 const ttsModelCartesia = require('./speech-data/tts-model-cartesia');
@@ -501,6 +503,20 @@ const testAssemblyStt = async(logger, credentials) => {
  });
 };

+const testVoxistStt = async(logger, credentials) => {
+  const {api_key} = credentials;
+  try {
+    const get = bent('https://api-asr.voxist.com', 'GET', 'json', {
+      'Accept': 'application/json',
+      'x-lvl-key': api_key
+    });
+    await get('/clients');
+  } catch (err) {
+    logger.info({err}, 'failed to get clients from Voxist');
+    throw err;
+  }
+};
+
 const getSpeechCredential = (credential, logger) => {
  const {vendor} = credential;
  logger.info(
@@ -624,9 +640,13 @@ function decryptCredential(obj, credential, logger, isObscureKey = true) {
    obj.auth_token = isObscureKey ? obscureKey(o.auth_token) : o.auth_token;
    obj.custom_stt_url = o.custom_stt_url;
    obj.custom_tts_url = o.custom_tts_url;
+    obj.custom_tts_streaming_url = o.custom_tts_streaming_url;
  } else if ('assemblyai' === obj.vendor) {
    const o = JSON.parse(decrypt(credential));
    obj.api_key = isObscureKey ? obscureKey(o.api_key) : o.api_key;
+  } else if ('voxist' === obj.vendor) {
+    const o = JSON.parse(decrypt(credential));
+    obj.api_key = isObscureKey ? obscureKey(o.api_key) : o.api_key;
  } else if ('whisper' === obj.vendor) {
    const o = JSON.parse(decrypt(credential));
    obj.api_key = isObscureKey ? obscureKey(o.api_key) : o.api_key;
@@ -690,6 +710,8 @@ async function getLanguagesAndVoicesForVendor(logger, vendor, credential, getTts
      return await getLanguagesVoicesForRimelabs(credential, getTtsVoices, logger);
    case 'assemblyai':
      return await getLanguagesVoicesForAssemblyAI(credential, getTtsVoices, logger);
+    case 'voxist':
+      return await getLanguagesVoicesForVoxist(credential, getTtsVoices, logger);
    case 'whisper':
      return await getLanguagesVoicesForWhisper(credential, getTtsVoices, logger);
    case 'verbio':
@@ -779,7 +801,7 @@ async function getLanguagesVoicesForNuane(credential, getTtsVoices, logger) {
 }

 async function getLanguagesVoicesForDeepgram(credential) {
-  return tranform(undefined, SttDeepgramLanguagesVoices, TtsModelDeepgram);
+  return tranform(TtsLanguagesDeepgram, SttDeepgramLanguagesVoices, TtsModelDeepgram);
 }

 async function getLanguagesVoicesForIbm(credential, getTtsVoices, logger) {
@@ -823,6 +845,13 @@ async function getLanguagesVoicesForElevenlabs(credential) {
    const [langResp, voiceResp] = await Promise.all([get('/v1/models'), get('/v1/voices')]);

    const model = langResp.find((m) => m.model_id === credential.model_id);
+    const models = langResp.map((m) => {
+      return {
+        value: m.model_id,
+        name: m.name
+      };
+    }).sort((a, b) => a.name.localeCompare(b.name));
+
    const languages = model ? model.languages.map((l) => {
      return {
        value: l.language_id,
@@ -854,7 +883,7 @@ async function getLanguagesVoicesForElevenlabs(credential) {
        language.voices = voices;
      }
    }
-    return tranform(languages, undefined, TtsModelElevenLabs);
+    return tranform(languages, undefined, models);
  } else {
    const voices = TtsElevenlabsLanguagesVoices[0].voices;
    for (const language of TtsElevenlabsLanguagesVoices) {
@@ -959,19 +988,17 @@ async function getLanguagesVoicesForRimelabs(credential) {
  const get = bent('https://users.rime.ai', 'GET', 'json', {
    'Accept': 'application/json'
  });
-  const voices = await get('/data/voices/all.json');
-  let selectedVoices = model_id ? voices[model_id] : Object.values(voices).reduce((acc, val) => [...acc, ...val], []);
-  selectedVoices = selectedVoices.map((v) => ({
-    name: v.charAt(0).toUpperCase() + v.slice(1),
-    value: v
+  const voices = await get('/data/voices/all-v2.json');
+  const modelVoices = model_id ? voices[model_id] :
+    Object.keys(voices).length > 0 ? voices[Object.keys(voices)[0]] : [];
+  const ttsVoices = Object.entries(modelVoices).map(([key, voices]) => ({
+    value: key,
+    name: key.charAt(0).toUpperCase() + key.slice(1),
+    voices: voices.map((v) => ({
+      name: v.charAt(0).toUpperCase() + v.slice(1),
+      value: v
+    }))
  }));
-  const ttsVoices = [
-    {
-      value: 'en-US',
-      name: 'English (US)',
-      voices: selectedVoices
-    }
-  ];
  return tranform(ttsVoices, undefined, TtsModelRimelabs);
 }

@@ -979,6 +1006,10 @@ async function getLanguagesVoicesForAssemblyAI(credential) {
  return tranform(undefined, SttAssemblyaiLanguagesVoices);
 }

+async function getLanguagesVoicesForVoxist(credential) {
+  return tranform(undefined, SttVoxistLanguagesVoices);
+}
+
 async function getLanguagesVoicesForWhisper(credential) {
  return tranform(TtsWhisperLanguagesVoices, undefined, TtsModelWhisper);
 }
@@ -1131,7 +1162,7 @@ function parseMicrosoftLanguagesVoices(data) {
 }

 function parseVerbioLanguagesVoices(data) {
-  return data.reduce((acc, voice) => {
+  return data.voices.reduce((acc, voice) => {
    const languageCode = voice.language;
    const existingLanguage = acc.find((lang) => lang.value === languageCode);
    if (existingLanguage) {
@@ -1269,5 +1300,6 @@ module.exports = {
  testVerbioStt,
  getLanguagesAndVoicesForVendor,
  testSpeechmaticsStt,
-  testCartesia
+  testCartesia,
+  testVoxistStt
 };
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "jambonz-api-server",
-  "version": "0.9.2",
+  "version": "0.9.3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "jambonz-api-server",
-      "version": "0.9.2",
+      "version": "0.9.3",
      "license": "MIT",
      "dependencies": {
        "@aws-sdk/client-s3": "^3.550.0",
@@ -19,7 +19,7 @@
        "@jambonz/lamejs": "^1.2.2",
        "@jambonz/mw-registrar": "^0.2.7",
        "@jambonz/realtimedb-helpers": "^0.8.10",
-        "@jambonz/speech-utils": "^0.2.1",
+        "@jambonz/speech-utils": "^0.2.3",
        "@jambonz/time-series": "^0.2.8",
        "@jambonz/verb-specifications": "^0.0.72",
        "@soniox/soniox-node": "^1.2.2",
@@ -2292,9 +2292,9 @@
      }
    },
    "node_modules/@jambonz/speech-utils": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/@jambonz/speech-utils/-/speech-utils-0.2.1.tgz",
-      "integrity": "sha512-LIZ3HCW+vra626L18NiudY4v7zXVW4EvqUeeVLFM9S8fi1nGP2lHbDur/DFiN/VsJXYdNIdO4PAsILxeZXoOLg==",
+      "version": "0.2.3",
+      "resolved": "https://registry.npmjs.org/@jambonz/speech-utils/-/speech-utils-0.2.3.tgz",
+      "integrity": "sha512-ffx0TYggGDeEEB5yZ9y+BkF6dtDmKvCEgyK0lmzjkRQ2h3xaIWao3c5VCU9WXhKb+d2o6mLL06GebBMdzWIGhg==",
      "license": "MIT",
      "dependencies": {
        "@aws-sdk/client-polly": "^3.496.0",
@@ -4523,9 +4523,10 @@
      "dev": true
    },
    "node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
+      "license": "MIT",
      "engines": {
        "node": ">= 0.6"
      }
@@ -4553,10 +4554,11 @@
      }
    },
    "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
@@ -5354,16 +5356,17 @@
      }
    },
    "node_modules/express": {
-      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
-      "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==",
+      "version": "4.21.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "license": "MIT",
      "dependencies": {
        "accepts": "~1.3.8",
        "array-flatten": "1.1.1",
        "body-parser": "1.20.3",
        "content-disposition": "0.5.4",
        "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.7.1",
        "cookie-signature": "1.0.6",
        "debug": "2.6.9",
        "depd": "2.0.0",
@@ -5377,7 +5380,7 @@
        "methods": "~1.1.2",
        "on-finished": "2.4.1",
        "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.10",
+        "path-to-regexp": "0.1.12",
        "proxy-addr": "~2.0.7",
        "qs": "6.13.0",
        "range-parser": "~1.2.1",
@@ -5392,6 +5395,10 @@
      },
      "engines": {
        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/express-rate-limit": {
@@ -8209,9 +8216,10 @@
      "dev": true
    },
    "node_modules/path-to-regexp": {
-      "version": "0.1.10",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
-      "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w=="
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==",
+      "license": "MIT"
    },
    "node_modules/pause": {
      "version": "0.0.1",
--- a/package.json
+++ b/package.json
@@ -1,11 +1,12 @@
 {
  "name": "jambonz-api-server",
-  "version": "0.9.2",
+  "version": "0.9.3",
  "description": "",
  "main": "app.js",
  "scripts": {
    "start": "node app.js",
    "test": "NODE_ENV=test APPLY_JAMBONZ_DB_LIMITS=1 JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_TIME_SERIES_HOST=127.0.0.1 JAMBONES_LOGLEVEL=error JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall K8S=true K8S_FEATURE_SERVER_SERVICE_NAME=127.0.0.1 K8S_FEATURE_SERVER_SERVICE_PORT=3100 node test/ ",
+    "test:encrypt-decrypt": "ENCRYPTION_SECRET=12345 node --test ./test/encrypt-decrypt.test.js",
    "integration-test": "NODE_ENV=test JAMBONES_AUTH_USE_JWT=1 JAMBONES_TIME_SERIES_HOST=127.0.0.1 AWS_REGION='us-east-1' JAMBONES_CURRENCY=USD JWT_SECRET=foobarbazzle JAMBONES_MYSQL_HOST=127.0.0.1 JAMBONES_MYSQL_PORT=3360 JAMBONES_MYSQL_USER=jambones_test JAMBONES_MYSQL_PASSWORD=jambones_test JAMBONES_MYSQL_DATABASE=jambones_test JAMBONES_REDIS_HOST=localhost JAMBONES_REDIS_PORT=16379 JAMBONES_LOGLEVEL=debug JAMBONES_CREATE_CALL_URL=http://localhost/v1/createCall node test/serve-integration.js",
    "upgrade-db": "node ./db/upgrade-jambonz-db.js",
    "coverage": "./node_modules/.bin/nyc --reporter html --report-dir ./coverage npm run test",
@@ -29,7 +30,7 @@
    "@jambonz/lamejs": "^1.2.2",
    "@jambonz/mw-registrar": "^0.2.7",
    "@jambonz/realtimedb-helpers": "^0.8.10",
-    "@jambonz/speech-utils": "^0.2.1",
+    "@jambonz/speech-utils": "^0.2.3",
    "@jambonz/time-series": "^0.2.8",
    "@jambonz/verb-specifications": "^0.0.72",
    "@soniox/soniox-node": "^1.2.2",
--- a/test/encrypt-decrypt.test.js
+++ b/test/encrypt-decrypt.test.js
@@ -0,0 +1,132 @@
+const assert = require('node:assert');
+const { describe, it, beforeEach, before } = require('node:test');
+const { obscureBucketCredentialsSensitiveData, isObscureKey, obscureKey } = require('../lib/utils/encrypt-decrypt');
+const { randomUUID } = require('node:crypto');
+
+let bucket_credential = {};
+let service_key = {};
+
+describe('encrypt-decrypt test suite', { skip: false }, () => {
+    before(() => {
+        process.env.ENCRYPTION_SECRET = "12345";
+    });
+    beforeEach(() => {
+        service_key = {
+            "type": "service_account",
+            "project_id": "voice-gateway",
+            "private_key_id": randomUUID(),
+            "private_key": "-----BEGIN PRIVATE KEY-----\nJ6T2sQmBAD8TBm0frkGeyw0FA0aVAASVBJcwggSjBgEAAoabAQDUbiVwgufJm9R3\nv7YpECxRnQgHduX8jnbjtubi6FVqqVx78W3NM/gFNJFBC7NXtpsslqefKM6SmlkK\nNP6XqXy/ppXO8u00se7+cOFhsS6crncnsCeIYPxLFPV8P4BjExi7v88RBdektLeV\nX6sRWhxiYeWe+ORxkyC0KR4IKZjHt7ZHrg0kNQyuNx1KOhJnN3rRUkKSP2zozd1c\n3V+4EfpZjGmlQegXNHzkwUjvTOe6nuyxynWe3smjsSw/3RQda5m674Kh9tnVWEiX\n5KWnfRbWDdEBp5azzOAdeSR5W+qQfS0Jo6blREDQxWfMNmut87m81gmn+DKMhq6k\nV0JVRQStAgMBAAECggEAAf7AsAdI24zUdXkZv98gEuC4S10e2Luoz6Yvm41V3sP6\nWx0mdgY7RB9RW8U4WPnu3GhPGGJj03SyHUuI8Ix15MNM9WGDAaV3S+kRb1LqChLO\nCoNSO/qYPPg4t1iQ9+s7sWTnM93MAXjujmSveHJd7+MrUQOxOdPjB7I/ozMkBXBb\nWYsBIfeOG/7DsC4N4V/hKVXAq9NekGQv85yCUPR/DpuG9vqpztXwaSC1Wihntlu3\nNJYmMave4PbO3OxAekBl70WmukERZo7ksR+34WWse4HXlphaUVbpvnbQdGT1EzXW\nZukanqpfkIwrHme2Ko5NdP0C54pRhg6kpmWszVUMQQKBgQD6yWMuuwdPuFLg0wc2\nnDUeyHZSq/SEMSrb1wNXhL3qhaL2tCjBZwG9CHDuFMhqDLU5F36mEdAsM5MHCzyC\nTJ7VbqvCFz69SRt1CVp76Hu4HO/1Nhxm1GhF+NKSDIbnUg3o4DaC7EUtLpqYXcWj\nsXHEqVEhkrNVQ/JOIfJr42LDfQKBgQDM0U3ghGg9ufe9mb0dOonwtJA/ay/pd08Q\nyq3ue9C3yoQiNf28bP3AGKIjhA6wtd0KTSkQs6ktabGHIM8o/eTrMAMQllKh/3xe\nON7iND8Xz2GFMuIraQ7Mq9RvYWiqqIkVg1GQfJmiQ9wcmGj2PHy25LfjBXfHAYqK\nQ++P/i+s8QKBgD0pRi4MYNEZY+T+skCoQfA69VheJWjj0M8ClgcPEX4Tj1XZRCM+\nqtbeKyR1Hxd19/BvgWyg5YMSJOZP4Dbq1sW4ktzn7F4faTnWySF05k9Vh1PnGXAe\nlzuRXlFOCsx5X3kOzVyKoKhPOFa2b8/nI5bRsD6e12uRAZP6hXO4ZcrFAoGABVJ/\nCpGGP+xgMq4XCvZldTrL8MnxQcjW5iHOKT9QaiY6DsWGZWoTofVB6VhaJV9kcgsV\nQRjaEZMIiPFiULdgRnhF7B1r4kfITI5/xDMFXLIH37U1yVj+iHUCnS5T0PN2NHfo\nG7ARMfU/eALB33ws5XfGC4Et3p78oaEoTX6WcJECgYEAhysSt4qieGRSXn24V0+u\ny/ubU4dysn4SFe8BB4bjgYa8v+6VwucU+nnU4wOwykEgJmzN/ukzpvFN0CkN8eAN\n8xwtjBX9Zc1S90Wf7/7IrQGlUnsSFpDh5TW+oCqVo8JK7UGxJHR1mCvJmYVmSk3c\nD4AMvJ2x/Z5d9NKIAzdET4o=\n-----END PRIVATE KEY-----\n",
+            "client_email": "voicegatewayteam@voice-gateway.iam.gserviceaccount.com",
+            "client_id": "333827616171177028875",
+            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+            "token_uri": "https://oauth2.googleapis.com/token",
+            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+            "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/cognigyvoicegatewayteam%40cognigy-voice-gateway.iam.gserviceaccount.com",
+            "universe_domain": "googleapis.com"
+        };
+        bucket_credential = {
+            "vendor": "google",
+            "service_key": "",
+            "connection_string": "",
+            "secret_access_key": ""
+        }
+    });
+
+    describe('obscureBucketCredentialsSensitiveData', { skip: false }, () => {
+        it('should obscure "private_key" - vendor: google', { skip: false }, () => {
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "google",
+                "service_key": JSON.stringify(service_key),
+            };
+            const result = obscureBucketCredentialsSensitiveData(bucket_credential);
+            const googleCredentials = JSON.parse(result.service_key);
+            assert.strictEqual(googleCredentials.private_key, '-----BEGIN PRIVATE KEY-----\nJ6T2sQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX');
+            assert.strictEqual(googleCredentials.private_key_id, googleCredentials.private_key_id);
+            assert.strictEqual(googleCredentials.project_id, googleCredentials.project_id);
+            assert.strictEqual(googleCredentials.client_email, googleCredentials.client_email);
+            assert.strictEqual(googleCredentials.client_id, googleCredentials.client_id);
+            assert.strictEqual(googleCredentials.auth_uri, googleCredentials.auth_uri);
+            assert.strictEqual(googleCredentials.token_uri, googleCredentials.token_uri);
+        });
+
+        it('should skip obscure since it is already obscured. vendor: google - "private key"', { skip: false }, () => {
+            service_key.private_key = '-----BEGIN PRIVATE KEY-----\nJ6T2sQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "google",
+                "service_key": JSON.stringify(service_key),
+            };
+            const result = obscureBucketCredentialsSensitiveData(bucket_credential);
+            const googleCredentials = JSON.parse(result.service_key);
+            assert.strictEqual(googleCredentials.private_key, '-----BEGIN PRIVATE KEY-----\nJ6T2sQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX');
+            assert.strictEqual(googleCredentials.private_key_id, googleCredentials.private_key_id);
+            assert.strictEqual(googleCredentials.project_id, googleCredentials.project_id);
+            assert.strictEqual(googleCredentials.client_email, googleCredentials.client_email);
+            assert.strictEqual(googleCredentials.client_id, googleCredentials.client_id);
+            assert.strictEqual(googleCredentials.auth_uri, googleCredentials.auth_uri);
+            assert.strictEqual(googleCredentials.token_uri, googleCredentials.token_uri);
+        });
+    });
+
+    describe('isObscureKey', { skip: false }, () => {
+        it('vendor: google - should return true', { skip: false }, () => {
+            service_key.private_key = '-----BEGIN PRIVATE KEY-----\nJ6T2sQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "google",
+                "service_key": JSON.stringify(service_key),
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, true);
+        });
+        it('vendor: google - should return false', { skip: false }, () => {
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "google",
+                "service_key": JSON.stringify(service_key),
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, false);
+        });
+        it('vendor: aws_s3 - should return true', { skip: false }, () => {
+            const obscuredKey = "J6T2sQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "aws_s3",
+                "secret_access_key": obscuredKey,
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, true);
+        });
+        it('vendor: aws_s3 - should return false', { skip: false }, () => {
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "aws_s3",
+                "service_key": "EFEU2fhcbqiw3211ffw3f1kezhcbqiw3211ffw3f",
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, false);
+        });
+        it('vendor: azure - should return true', { skip: false }, () => {
+            const obscuredKey = 'https:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "azure",
+                "connection_string": obscuredKey,
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, true);
+        });
+        it('vendor: azure - should return false', { skip: false }, () => {
+            bucket_credential = {
+                ...bucket_credential,
+                "vendor": "azure",
+                connection_string: 'https://cognigydevstorage.blob.core.windows.net/voicegateway-test?sp=rw&st=2023-09-10T13:35:44Z&se=2023-09-11T21:35:44Z&spr=https&sv=2022-11-02&sr=c&sig=9WN8Bg5UMOvnV1h1cJpCnTUG%2FnonTbRZ1Q1rbKnDUl4%3D',
+            };
+            const result = isObscureKey(bucket_credential);
+            assert.strictEqual(result, false);
+        });
+    });
+});
+
--- a/test/speech-credentials.js
+++ b/test/speech-credentials.js
@@ -780,6 +780,27 @@ test('speech credentials tests', async(t) => {
    });
    t.ok(result.statusCode === 204, 'successfully deleted speech credential');

+    /* add a credential for Voxist */
+    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
+      resolveWithFullResponse: true,
+      auth: authUser,
+      json: true,
+      body: {
+        vendor: 'voxist',
+        use_for_stt: true,
+        api_key: "APIKEY"
+      }
+    });
+    t.ok(result.statusCode === 201, 'successfully added speech credential for Voxist');
+    const voxistSid = result.body.sid;
+
+    /* delete the credential */
+    result = await request.delete(`/Accounts/${account_sid}/SpeechCredentials/${voxistSid}`, {
+      auth: authUser,
+      resolveWithFullResponse: true,
+    });
+    t.ok(result.statusCode === 204, 'successfully deleted speech credential');
+
    /* add a credential for aws polly by roleArn */
    result = await request.post(`/Accounts/${account_sid}/SpeechCredentials`, {
      resolveWithFullResponse: true,
@@ -972,6 +993,15 @@ test('speech credentials tests', async(t) => {
    });
    t.ok(result.body.stt.length !== 0, 'successfully get assemblyai supported languages and voices');

+    /* Check voxist supportedLanguagesAndVoices */
+    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/speech/supportedLanguagesAndVoices?vendor=voxist`, {
+      resolveWithFullResponse: true,
+      simple: false,
+      auth: authAdmin,
+      json: true,
+    });
+    t.ok(result.body.stt.length !== 0, 'successfully get voxist supported languages and voices');
+
    /* Check whisper supportedLanguagesAndVoices */
    result = await request.get(`/Accounts/${account_sid}/SpeechCredentials/speech/supportedLanguagesAndVoices?vendor=whisper`, {
      resolveWithFullResponse: true,
Author	SHA1	Message	Date
Hoan Luu Huu	c7c56d8ea0	update speech utils version (#388 )	2025-02-07 08:00:21 -05:00
Hoan Luu Huu	9cfe990bb8	support rimelabs new voices (#387 )	2025-02-07 07:22:42 -05:00
Hoan Luu Huu	6c7d2c9074	support rime mistv2 model (#386 )	2025-02-06 21:36:34 -05:00
Hoan Luu Huu	73e35c84c5	support voxist stt (#384 )	2025-02-05 08:32:36 -05:00
Dave Horton	86d50d94cb	optionally send invites to our slack channel on signup (#385 )	2025-02-05 00:06:58 -05:00
Hoan Luu Huu	b8f4ad6b27	support fetching elevenlabs models by api-key (#383 )	2025-02-03 08:28:48 -05:00
Dave Horton	ad3ec926ee	proper version	2025-02-02 17:11:33 -05:00
rammohan-y	66bd9a442c	feat/379: added tts property to deepgram response (#380 )	2025-01-21 08:15:32 -05:00
Hoan Luu Huu	fa81d179a1	verbio list voice api is changed, fixed (#378 )	2025-01-15 06:54:55 -05:00
Dave Horton	fab8a391b7	update deps	2025-01-14 10:46:42 -05:00
Hoan Luu Huu	89288acf6e	support custom tts streaming vendor (#377 )	2025-01-14 07:14:07 -05:00
Markus Frindt	23cd4408a5	Feat/obscure sensitive bucket credentials (#375 ) * obscure sensitive bucket credentials * npm audit fix * fix condition * add test suite encrypt-decrypt.test * revert docker-compose * update pipeline --------- Co-authored-by: mfrindt <m.frindt@cognigy.com>	2025-01-03 07:12:44 -05:00
Dave Horton	ce4618523c	correct clients.password col name (#373 ) * correct clients.password col name * fix #372	2024-12-28 16:42:32 -05:00