

This documentation site is for previous versions. Visit our new documentation site for current releases.
 

Configuring an Amazon Web Services Key Management Service keystore

Updated on March 15, 2022

To use the Amazon Web Services Key Management Service (AWS KMS) in Pega Platform, you create the master key in AWS KMS, and then you create a keystore instance in Pega Platform that refers to the KMS.

This procedure shows an example of creating a customer master key and an access key within AWS KMS. For detailed instructions, refer to the documentation from AWS. The AWS documentation includes the AWS Developer Guide for KMS and the Managing Access Keys for IAM Users guide.

  1. In AWS, under Identity and Access Management (IAM), create an alias for the customer master key.
  2. Add the Tag key and Tag value to the master key.
  3. Assign administrators for the master key.
  4. Assign users for the master key.
  5. Click Create key to generate the access key.
  6. Copy the ARN for the key. You use the ARN to create the Pega keystore instance.
  7. Before clicking Close, copy the Access key ID and Secret access key. You use these to create the Pega keystore instance.
  8. Create a keystore instance in Pega Platform by following the Creating a keystore for application data encryption procedure, and enter the following values:
    1. In the Access key ID field, enter the value from step 7.
    2. In the Secret access key field, enter the value from step 7.
    3. In the Customer master key ID field, enter the ARN value from step 6.
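
A pre-flight check for the three values entered in step 8, shown as an added example that is not part of the Pega or AWS documentation. The function name `check_keystore_fields` and the sample values are placeholders constructed for illustration; the check catches swapped fields, stray whitespace from copying, an alias ARN pasted in place of the key ARN, and temporary credentials.

```python
import re

# KMS ARN layout: arn:<partition>:kms:<region>:<account>:<key|alias>/<id>
ARN_RE = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:\d{12}:(key|alias)/(.+)$")
KEY_ID_RE = re.compile(
    r"^(mrk-[0-9a-f]{32}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
ACCESS_KEY_RE = re.compile(r"^\w{16,128}$")

# Constructed placeholder values, not real credentials.
SAMPLE_ID = "AKIAIOSFODNN7EXAMPLE"
SAMPLE_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
SAMPLE_ARN = ("arn:aws:kms:us-west-2:111122223333:"
              "key/1234abcd-12ab-34cd-56ef-1234567890ab")


def check_keystore_fields(access_key_id, secret_access_key, cmk_id):
    """Return problems found in the step 8 fields; never echoes the values."""
    problems = []
    fields = (("Access key ID", access_key_id),
              ("Secret access key", secret_access_key),
              ("Customer master key ID", cmk_id))
    for name, value in fields:
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")

    key_id = access_key_id.strip()
    if not ACCESS_KEY_RE.match(key_id):
        problems.append("Access key ID: not shaped like an AWS access key ID")
    elif key_id.startswith("ASIA"):
        # ASIA marks temporary STS credentials, which also need a session
        # token; step 8 lists no field for one.
        problems.append("Access key ID: temporary (ASIA) credential")
    elif not key_id.startswith("AKIA"):
        problems.append("Access key ID: does not start with AKIA")

    secret = secret_access_key.strip()
    if secret.startswith("arn:") or (
            secret.startswith(("AKIA", "ASIA")) and ACCESS_KEY_RE.match(secret)):
        problems.append("Secret access key: looks like another field's value")

    arn = ARN_RE.match(cmk_id.strip())
    if not arn:
        problems.append("Customer master key ID: not a KMS ARN")
    elif arn.group(2) == "alias":
        problems.append("Customer master key ID: alias ARN, not the key ARN")
    elif not KEY_ID_RE.match(arn.group(3)):
        problems.append("Customer master key ID: malformed key ID in ARN")
    return problems
```

An empty list means the values have the expected shape; it does not confirm that the access key is permitted to use the master key.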
