LinkedIn
Copied!

Table of Contents

Configuring a Microsoft Azure Key Vault keystore

Version:

Only available versions of this content are shown in the dropdown

Configure a keystore by referencing an encryption key that is stored in a Microsoft Azure Key Vault.

You must create a keystore data instance in Pega Platform with Keystore location equal to Microsoft Azure Key Vault before you can configure the keystore.
  1. If you have not yet defined your cryptographic key in Azure, log in to your Microsoft Azure Key Vault account and create a key with an RSA algorithm. For details, see your Azure Key Vault documentation and the Pega Community article Configuring a Microsoft Azure Key Vault keystore.

  2. Open a keystore from the navigation panel by clicking Records Security Keystore and selecting an Azure Key Vault keystore from the instance list.

  3. In the Client ID field, enter the client ID of the application that you created in Azure.

  4. In the Client key field, enter the client secret for the application that you created in Azure.

  5. In the Customer master key ID field, enter the key identifier of the master key that you created in Azure Key Vault.

  6. In the JSON Web Algorithm (JWA) list, select the algorithm for the JSON web token.

    • RSA1_5
    • RSA-OAEP
    • RSA-OAEP-256
  7. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.

    The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  8. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your key.

  9. Click Save.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.