Encrypting the values of sensitive properties
In the HRApp application, ensure that the Social Security number and salary properties are encrypted in all Pega Platform data stores (the database and Elasticsearch index files, in memory, and on the clipboard). Ensure that they are decrypted only when they are displayed in the user interface.
- An encryption key is defined in a key management system (KMS) outside of Pega Platform.
- A keystore instance is defined in Pega Platform that refers to the encryption key.
- The Keystore field in the Application data encryption section of the Data Encryption landing page refers to the keystore in step 2, and the Activate button has been clicked to activate the keystore.
- In the Employee class, a property named SSN defines the employee’s Social Security number and a property named Salary defines the employee’s salary.
- In Dev Studio, create an access control policy for an Apply to class equal to Employee and Action equal to PropertyEncrypt.
- Click Add property and in the Property field, enter SSN.
- Click Add property and in the Property field, enter Salary.

For more information, see: