Configuring a HashiCorp Vault keystore
Configure a keystore by referencing an encryption key that is stored in a HashiCorp Vault.
- If you have not yet defined your cryptographic key in HashiCorp Vault, log in to your HashiCorp Vault account and create an encryption key. The key should be accessible with the AppRole authentication method. For details, see your HashiCorp Vault documentation and Creating a keystore for application data encryption.
- Open a keystore from the navigation panel by clicking and selecting a HashiCorp Vault keystore from the instance list.
- In the AppRole Role ID field, enter the Role ID for accessing Vault with the AppRole authentication method.
- In the AppRole Secret ID field, enter the Secret ID for accessing Vault with the AppRole authentication method.
- In the Authentication service endpoint field, enter the endpoint (URL) for accessing Vault with the AppRole authentication method.
- In the Encryption service endpoint field, enter the endpoint (URL) for encryption that uses your Vault encryption key.
- In the Decryption service endpoint field, enter the endpoint (URL) for decryption that uses your Vault encryption key.
- In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
- Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Vault and find your encryption key.
- Click Save.
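
The AppRole fields and the three endpoint fields can be exercised together outside Pega Platform before you rely on Test connectivity. The following Python is an added example, not Pega or HashiCorp code: it assumes the endpoints are Vault's AppRole login and Transit encrypt/decrypt HTTP APIs, and the host, the key name pega-cdk, the policy name pega-keystore and the fake_vault stand-in are constructed for illustration.

```python
import base64
import json
import urllib.request

def http_post(url, body, token=None):
    headers = {"X-Vault-Token": token} if token else {}  # Vault client token header
    req = urllib.request.Request(url, json.dumps(body).encode(), headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def check_keystore(cfg, post=http_post):
    """Return a list of problems; an empty list means the round trip worked."""
    urls = ("auth_url", "encrypt_url", "decrypt_url")
    problems = [f"{k} is not https" for k in urls if not cfg[k].startswith("https://")]
    if problems:
        return problems  # never send the Secret ID over cleartext HTTP
    probe, step = b"keystore-preflight", "AppRole login"
    try:
        auth = post(cfg["auth_url"], {k: cfg[k] for k in ("role_id", "secret_id")})["auth"]
        token, step = auth["client_token"], "encrypt"
        plaintext = base64.b64encode(probe).decode()  # Transit expects base64 plaintext
        enc = post(cfg["encrypt_url"], {"plaintext": plaintext}, token)
        step = "decrypt"
        dec = post(cfg["decrypt_url"], {"ciphertext": enc["data"]["ciphertext"]}, token)
        if base64.b64decode(dec["data"]["plaintext"]) != probe:
            problems.append("decrypt did not return the probe; check both URLs name one key")
    except (OSError, KeyError, TypeError, ValueError) as exc:
        return [f"{step} failed: {exc!r}"]
    if "root" in (auth.get("policies") or []):
        problems.append("AppRole token carries the root policy; scope it to this key")
    return problems

def fake_vault(url, body, token=None):
    """Constructed stand-in for Vault so the example runs offline."""
    if url.endswith("/login"):
        return {"auth": {"client_token": "t0k", "policies": ["pega-keystore"]}}
    if token != "t0k":
        raise PermissionError("permission denied")
    if "/encrypt/" in url:
        return {"data": {"ciphertext": "vault:v1:" + body["plaintext"]}}
    return {"data": {"plaintext": body["ciphertext"].split(":", 2)[2]}}

# Constructed field values: host, key name and IDs are placeholders.
SAMPLE = {"role_id": "<ROLE_ID>", "secret_id": "<SECRET_ID>",
          "auth_url": "https://vault.example.com:8200/v1/auth/approle/login",
          "encrypt_url": "https://vault.example.com:8200/v1/transit/encrypt/pega-cdk",
          "decrypt_url": "https://vault.example.com:8200/v1/transit/decrypt/pega-cdk"}
if __name__ == "__main__":
    print(check_keystore(SAMPLE, post=fake_vault) or "round trip OK")
```

Calling check_keystore with your own field values and without the post argument sends the requests to the real Vault server; the probe plaintext is a fixed test string, so no application data leaves Pega Platform.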