Configure a keystore by referencing an encryption key that is stored in a Microsoft
Azure Key Vault.
Before you begin: You must create a keystore data instance in Pega Platform with Keystore location equal to Microsoft Azure Key Vault before you can configure the keystore.
- If you have not yet defined your cryptographic key in Azure, log in to your Microsoft Azure Key Vault account and create a key with an RSA algorithm. For details, see your Azure Key Vault documentation and the Pega Community article Configuring a Microsoft Azure Key Vault keystore.
- Open a keystore from the navigation panel by clicking and selecting an Azure Key Vault keystore from the instance list.
- In the Client ID field, enter the client ID of the application that you created in Azure.
- In the Client key field, enter the client secret for the application that you created in Azure.
- In the Customer master key ID field, enter the key identifier of the master key that you created in Azure Key Vault.
- In the JSON Web Algorithm (JWA) list, select the algorithm for the JSON web token:
  - RSA1_5
  - RSA-OAEP
  - RSA-OAEP-256
- In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
  Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
- Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your key.
- Click Save.
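
The following pre-flight check for the values entered in the steps above is an added example, not Pega or Microsoft code. It assumes the client ID is a GUID and that the key identifier has the form `https://<vault>.<suffix>/keys/<name>[/<version>]`; the function name, the suffix list and the sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Allowed values taken from the procedure above.
JWA_CHOICES = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}
# Assumption (not from the page): public, China and US Government vault DNS suffixes.
VAULT_SUFFIXES = (".vault.azure.net", ".vault.azure.cn", ".vault.usgovcloudapi.net")
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
KEY_PATH = re.compile(r"/keys/([0-9A-Za-z-]{1,127})(?:/([0-9a-f]{32}))?/?")


def check_keystore_fields(client_id, client_key, cmk_id, jwa, rotation_days):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    if not GUID.fullmatch(client_id.strip()):
        problems.append("Client ID is not a GUID")
    if not client_key or client_key != client_key.strip():
        problems.append("Client key is empty or has stray whitespace")
    url = urlsplit(cmk_id)
    # hostname drops any userinfo part, so "vault-name@other-host" tricks are caught.
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("Customer master key ID must be an https URL")
    if not host.endswith(VAULT_SUFFIXES):
        problems.append("Customer master key ID host is not a Key Vault endpoint")
    if not KEY_PATH.fullmatch(url.path):
        problems.append("Customer master key ID path is not /keys/<name>[/<version>]")
    if jwa not in JWA_CHOICES:
        problems.append("JWA is not one of " + ", ".join(sorted(JWA_CHOICES)))
    if not isinstance(rotation_days, int) or not 30 <= rotation_days <= 365:
        problems.append("CDK rotation must be a whole number of days from 30 to 365")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real vault.
    issues = check_keystore_fields(
        client_id="11111111-2222-3333-4444-555555555555",
        client_key="constructed-secret-value",
        cmk_id="https://contoso-kv.vault.azure.net/keys/pega-cmk/" + "0123456789abcdef" * 2,
        jwa="RSA-OAEP-256",
        rotation_days=90,
    )
    print(issues or "all fields well-formed")
```

A clean result only means the values are well-formed; Test connectivity is still what confirms that Pega Platform can reach Key Vault and find the key.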