Close popover

Table of Contents

Configuring an Amazon Key Management Service (KMS) keystore


To configure a keystore, you can reference the encryption key that is stored in the Amazon Web Services Key Management Service (AWS KMS).

You must Creating a keystore for application data encryption data instance in Pega Platform with Keystore location equal to Amazon Key Management Service (KMS) before you can configure the keystore.
  1. If you have not yet defined your keys in Amazon, log in to your Amazon Web Services account, and under Identity and Access Management (IAM), create a Customer Master Key (CMK) and access key.

    • For information about how to create a Customer Master Key, see the AWS Developer Guide that describes the AWS Key Management Service and the Pega Community article Configuring an Amazon Web Services Key Management Service keystore.
    • The access key provides the access key ID and secret access key that you need to enter in the keystore form. For more information, see the Amazon guide Managing Access Keys for IAM Users.
    • When you create the encryption key, select the same geographic region for your key that your application is deployed in. Selecting the same geographic region gives your application the best network performance.
  2. Open a keystore from the navigation panel by clicking Records Security Keystore and selecting a KMS keystore from the instance list.

  3. In the Access key ID field, enter the access key ID that you created in AWS KMS.

  4. In the Secret access key field, enter the secret access key that you created in AWS KMS.

  5. In the Customer master key ID field, enter the Amazon Resource Name (ARN) of the customer master key created in AWS KMS.

  6. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.

    The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  7. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform is able to connect to AWS KMS.

  8. Click Save.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Creating a keystore for application data encryption

    Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.