To configure a keystore, you can reference the encryption key that is stored in the Amazon Web Services Key Management Service (AWS KMS).
- If you have not yet defined your keys in Amazon, log in to your Amazon Web
Services account, and under Identity and Access Management (IAM), create a
Customer Master Key (CMK) and access key.
- For information about how to create a Customer Master Key, see the AWS Developer Guide that describes the AWS Key Management Service and Configuring an Amazon Web Services Key Management Service keystore.
- The access key provides the access key ID and secret access key that you need to enter in the keystore form. For more information, see the Amazon guide Managing Access Keys for IAM Users.
- When you create the encryption key, select the same geographic region for your key that your application is deployed in. Selecting the same geographic region gives your application the best network performance.
- Open a keystore from the navigation panel by clicking and selecting a KMS keystore from the instance list.
- In the Access key ID field, enter the access key ID that you created in AWS KMS.
- In the Secret access key field, enter the secret access key that you created in AWS KMS.
- In the Customer master key ID field, enter the Amazon Resource Name (ARN) of the customer master key created in AWS KMS.
- In the Customer data key rotation in days field, enter
the number of days after which the customer data key (CDK) rotates.
Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
- Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform is able to connect to AWS KMS.
- Click Save.