Close popover

Table of Contents

Configuring a Google Cloud KMS keystore


Configure a keystore by referencing an encryption key that is stored in Google Cloud key management service (KMS).

You must Creating a keystore for application data encryption data instance in Pega Platform with Keystore location equal to Google Cloud KMS before you can configure the keystore.
  1. If you have not yet defined your cryptographic key in Google Cloud KMS, create a Google project, a service account, and a keyring. For details, see your Google Cloud KMS documentation and the Pega Community article Configuring a Google Cloud KMS keystore.

    1. Create a service account with a role equal to Cloud KMS CryptoKey Encrypter/Decrypter, and download the account credentials as a .json file.

    2. Create a keyring and a symmetric key, and copy the key ID in Google resource name format.

  2. Open a keystore from the navigation panel by clicking Records Security Keystore and selecting a Google Cloud KMS keystore from the instance list.

  3. Click Upload file, and select the service account credentials file that you downloaded in step 1a.

  4. In the Customer master key ID field, enter the key in Google resource name format that you copied in step 1b.

  5. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.

    The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  6. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Google Cloud KMS and find your key.

  7. Click Save.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Creating a keystore for application data encryption

    Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.