Creating a keystore instance for an external key management service

Updated on March 15, 2022

You can encrypt application and system data in Pega Platform™ by using either the platform cipher or a cipher that is stored within an external key management service (KMS). Use an external KMS to control the ownership, creation, and rotation of your master key.

To configure Pega Platform to use an external KMS, complete the following tasks.

In the external key management service, create the master key.
In Pega Platform, create an instance of the keystore rule to access the external KMS.
For step-by-step examples for various key management services for tasks 1 and 2, see:
In Pega Platform, configure and activate the platform cipher to reference the keystore instance.
For more information, see Configuring the platform cipher.
In Pega Platform, identify the classes and properties to encrypt.
For more information, see:
- Creating an access control policy
- Encrypting the storage stream (BLOB)

Previous topic Changing the default keystore caching settings
Next topic Importing an X.509 certificate

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Get Started with Community

Creating a keystore instance for an external key management service

Have a question? Get answers now.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

Get Started with Community

Have a question? Get answers now.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.