Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Creating a keystore instance for an external key management service

Updated on June 30, 2021

You can encrypt application and system data in Pega Platform™ by using either the platform cipher or a cipher that is stored within an external key management service (KMS). Use an external KMS to control the ownership, creation, and rotation of your master key.

To configure Pega Platform to use an external KMS, complete the following tasks.
  1. In the external key management service, create the master key.
  2. In Pega Platform, create an instance of the keystore rule to access the external KMS.
  3. In Pega Platform, configure and activate the platform cipher to reference the keystore instance.
    For more information, see Configuring the platform cipher.
  4. In Pega Platform, identify the classes and properties to encrypt.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us