You can encrypt application and system data in Pega Platform™ by using either the platform cipher or a cipher that is stored within an external key management service (KMS). Use an external KMS to control the ownership, creation, and rotation of your master key.
- In the external key management service, create the master key.
- In Pega Platform, create an instance of the keystore rule to
access the external KMS. For step-by-step examples for various key management services for tasks 1 and 2, see:
- In Pega Platform, configure and activate the platform cipher
to reference the keystore instance.For more information, see Configuring the platform cipher.
- In Pega Platform, identify the classes and properties to encrypt.