Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Configuring a Google Cloud KMS keystore

Updated on March 15, 2022

Configure a keystore by referencing an encryption key that is stored in Google Cloud key management service (KMS).

Before you begin: You must create a keystore data instance in Pega Platform with Keystore location equal to Google Cloud KMS before you can configure the keystore.
  1. If you have not yet defined your cryptographic key in Google Cloud KMS, create a Google project, a service account, and a keyring. For details, see your Google Cloud KMS documentation and Creating a keystore for application data encryption.
    1. Create a service account with a role equal to Cloud KMS CryptoKey Encrypter/Decrypter, and download the account credentials as a .json file.
    2. Create a keyring and a symmetric key, and copy the key ID in Google resource name format.
  2. Open a keystore from the navigation panel by clicking RecordsSecurityKeystore and selecting a Google Cloud KMS keystore from the instance list.
  3. Click Upload file, and select the service account credentials file that you downloaded in step 1a.
  4. In the Customer master key ID field, enter the key in Google resource name format that you copied in step 1b.
  5. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
    Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  6. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Google Cloud KMS and find your key.
  7. Click Save.
  • Previous topic Configuring a HashiCorp Vault keystore
  • Next topic Encrypting application data by using a custom key management service

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us