To configure a keystore, you can reference the encryption key that is stored in the
Amazon Web Services Key Management Service (AWS KMS).
Before you begin: You must complete the following task before you can
configure a keystore:
Creating a keystore.
-
Open a keystore from the navigation panel by clicking and selecting a KMS keystore from the instance list.
-
If you have not yet defined your keys in Amazon, log in to your Amazon Web
Services account, and under Identity and Access Management (IAM), create a
Customer Master Key (CMK) and access key.
- For information about how to create a Customer Master Key, see the AWS
Developer Guide that describes the AWS Key Management Service.
- The access key provides the access key ID and secret access key that you
need to enter in the keystore form. For more information, see the Amazon
guide Managing Access Keys for IAM Users.
- When you create the encryption key, select the same geographic region
for your key that your application is deployed in. Selecting the same
geographic region gives your application the best network
performance.
-
In the Access key ID field, enter the access key ID that
you created in AWS KMS.
-
In the Secret access key field, enter the secret access
key that you created in AWS KMS.
-
In the Customer master key ID field, enter the Amazon
Resource Name (ARN) of the customer master key created in AWS KMS.
-
In the Customer data key rotation in days field, enter
the number of days after which the customer data key (CDK) should rotate.
Note: The recommended (default) value is 90 days. You can set the minimum number
of days to 30 and the maximum number of days to 365.
-
Click Test connectivity to verify that all fields are
filled out correctly and that Pega Platform is able to connect to
AWS KMS.
-
Click Save.