Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Creating a data page activity for a master key from a custom source

Updated on June 30, 2021

Encrypt system data using an encryption key that is sourced from a Custom Key management service (KMS) that is accessed from a data page. To configure a keystore for a master key by using a data page reference, create the data page, and then use the data page to retrieve a master key from an external source.

  1. On the Definition tab of the data page that you are creating the activity for, next to the Activity name field, click the Add icon.
  2. Enter a label and identifier, and accept the default properties in the Apply to class and Data-Admin-Security-Keystore.
  3. Click Create and open.
  4. In the Method field, enter Java.
  5. Click the Expand icon, and then in the Method Parameters section, in the Java Source field, enter a code snippet appropriate to your use case:
    Caution: Do not include both code snippets.
    • To retrieve a master key directly from an external key management service, enter a code snippet similar to this one:
                // Get master key from remote location
                byte[] masterKey = null; // TODO: assign 16 byte master key
                KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
                CustomMasterKey customMasterKey = keyUtil.getMasterKeyObject();
    • To retrieve REST APIs that encrypt and decrypt data keys from an external key management service, enter a code snippet similar to this one:
                KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
                CustomMasterKey customerMasterKey = keyUtil.getMasterKeyObject();
                //Enable remote encryption mode 
                //If CustomMasterKey object contains Encrypted CDK, then isEncryptedCustomDataKey() method returns true
                    String ecdk =new String(customerMasterKey.getECDK());
                    //oLog.infoForced("decrypting ECDK: ");
                    byte[] cdk = null;// TODO: decrypt the above ecdk at remote KMS and assign it to the cdk variable
                    //CustomMasterKey object contains plaintext CDK
                    byte[] cdk =  customerMasterKey.getCDK();
                    if(cdk!= null){
                        String str = new String(cdk);
                        //oLog.infoForced("encrypting CDK :");
                        byte[] ecdk = null;//TODO: encrypt the above cdk at remote KMS and assign it to the ecdk variable
  6. Click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us