Close popover

Table of Contents

Configuring a Microsoft Azure Key Vault keystore

Version:

Configure a keystore by referencing an encryption key that is stored in a Microsoft Azure Key Vault.

You must Creating a keystore for application data encryption data instance in Pega Platform with Keystore location equal to Microsoft Azure Key Vault before you can configure the keystore.
  1. If you have not yet defined your cryptographic key in Azure, log in to your Microsoft Azure Key Vault account and create a key with an RSA algorithm. For details, see your Azure Key Vault documentation and the Pega Community article Configuring a Microsoft Azure Key Vault keystore.

  2. Open a keystore from the navigation panel by clicking Records Security Keystore and selecting an Azure Key Vault keystore from the instance list.

  3. In the Client ID field, enter the client ID of the application that you created in Azure.

  4. In the Client key field, enter the client secret for the application that you created in Azure.

  5. In the Customer master key ID field, enter the key identifier of the master key that you created in Azure Key Vault.

  6. In the JSON Web Algorithm (JWA) list, select the algorithm for the JSON web token.

    • RSA1_5
    • RSA-OAEP
    • RSA-OAEP-256
  7. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.

    The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  8. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your key.

  9. Click Save.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Creating a keystore for application data encryption

    Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.