Configuring a Microsoft Azure Key Vault keystore
Configure a keystore by referencing an encryption key that is stored in a Microsoft Azure Key Vault.
If you have not yet defined your cryptographic key in Azure, log in to your Microsoft Azure Key Vault account and create a key with an RSA algorithm. For details, see your Azure Key Vault documentation and the Pega Community article Configuring a Microsoft Azure Key Vault keystore.
Open a keystore from the navigation panel by clickingand selecting an Azure Key Vault keystore from the instance list.
In the Client ID field, enter the client ID of the application that you created in Azure.
In the Client key field, enter the client secret for the application that you created in Azure.
In the Customer master key ID field, enter the key identifier of the master key that you created in Azure Key Vault.
In the JSON Web Algorithm (JWA) list, select the algorithm for the JSON web token.
In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your key.
A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.
- Creating a keystore for application data encryption
Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.