Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Configuring a Cassandra cluster for internal encryption (deprecated)

Updated on May 17, 2024

This content applies only to On-premises and Client-managed cloud environments

Protect data that is transferred internally between Decision Data Store (DDS) nodes in Pega Platform by using node-to-node encryption.


Starting in Pega Platform version 8.6, the use of an internal Cassandra database is deprecated. On-premises and client-managed cloud systems that have been updated from earlier versions of Pega Platform can continue to use Cassandra in embedded mode. However, to ensure future compatibility, do not create any new environments using embedded Cassandra.

Note: DDS nodes require node-to-node encryption.
  1. In the prconfig.xml file, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.
  2. Configure the remaining prconfig.xml settings.
    For more information about the prconfig.xml properties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption.
  3. In the cassandra.yaml file, add the following configuration for node-to-node encryption:
    server_encryption_options: {
    keystore_password: cassandra,
    require_client_auth: 'true',
    internode_encryption: all,
    truststore_password: cassandra,
    keystore: /path/keystore.shared,
    truststore: /path/truststore.shared,
    store_type: JKS}
  4. Create Java keystores and truststores along with SSL certificates.
    For more information, see Creating Java keystores and truststores for Cassandra encryption.
    Note: If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption.
  5. Copy the keystore.shared and truststore.shared files to the external Cassandra directory.
  6. In the prconfig.xml and cassandra.yaml files, update the configuration with the file paths and passwords to the certificates.
  7. Restart Pega Platform for the changes to take effect.
  • Previous topic Creating Cassandra user roles with limited database access
  • Next topic Prconfig properties for Cassandra cluster encryption

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us