Creating a data page activity for a master key from a custom source

To configure a master key keystore with a data page reference to a custom source, create the activity that loads the keystore into the data page.

  1. On the Definition tab of the data page that you are creating the activity for, next to the Activity name field, click the Add icon.

  2. Enter the label and identifier, accept the default for the Apply to class, Data-Admin-Security-Keystore, and then click Create and open.

  3. In the Method field, enter Java.

  4. Click the Expand icon, and then in the Method Parameters section, in the Java Source field, enter a code snippet similar to one of the following examples, depending on your use case:

    Do not include both code snippets.
    • To retrieve a master key directly from an external key management service, enter a code snippet similar to this one:

        // Get master key from remote location
        byte[] masterKey = null; // TODO: assign 16 byte master key
        KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
        CustomMasterKey customMasterKey = keyUtil.getMasterKeyObject();
        customMasterKey.setMasterKey(masterKey);
        keyUtil.loadMasterKeyForSystemDataEncryption(customMasterKey);

    • To use REST APIs of an external key management service to encrypt and decrypt data keys, enter a code snippet similar to this one:

        KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
        CustomMasterKey customerMasterKey = keyUtil.getMasterKeyObject();
        // Enable remote encryption mode
        customerMasterKey.setRemoteEncryptionMode(true);
        // If the CustomMasterKey object contains an encrypted CDK (ECDK),
        // isEncryptedCustomDataKey() returns true
        if (customerMasterKey.isEncryptedCustomDataKey()) {
            String ecdk = new String(customerMasterKey.getECDK());
            //oLog.infoForced("decrypting ECDK: ");
            byte[] cdk = null; // TODO: decrypt the above ecdk at remote KMS and assign it to the cdk variable
            customerMasterKey.setCDK(cdk);
            customerMasterKey.setECDK(null);
            customerMasterKey.setCustomDataKeyType(false);
        } else {
            // The CustomMasterKey object contains a plaintext CDK
            byte[] cdk = customerMasterKey.getCDK();
            if (cdk != null) {
                String str = new String(cdk);
                //oLog.infoForced("encrypting CDK :");
                byte[] ecdk = null; // TODO: encrypt the above cdk at remote KMS and assign it to the ecdk variable
                customerMasterKey.setECDK(ecdk);
                customerMasterKey.setCDK(null);
                customerMasterKey.setCustomDataKeyType(true);
            }
        }
        keyUtil.loadMasterKeyForSystemDataEncryption(customerMasterKey);

  5. Click Save.
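
The two TODO lines in the remote encryption snippet expect a byte[]-in, byte[]-out call to the key management service. The following added example (not Pega code and not part of the original page) uses a hypothetical class, LocalKmsStandIn, to show that contract with standard JDK AES key wrap. The 16-byte CDK, the 32-byte key-encryption key, and the choice of AES key wrap are assumptions; your KMS defines the real algorithm and transport.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical local stand-in for the remote KMS; not a Pega class.
public class LocalKmsStandIn {
    // Key-encryption key. In a real KMS this key never leaves the service.
    private final SecretKeySpec kek;

    LocalKmsStandIn(byte[] kekBytes) {
        this.kek = new SecretKeySpec(kekBytes, "AES");
    }

    // Matches "encrypt the above cdk at remote KMS": plaintext CDK in, ECDK out.
    byte[] encryptCdk(byte[] cdk) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AESWrap"); // AES key wrap (RFC 3394)
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(new SecretKeySpec(cdk, "AES"));
    }

    // Matches "decrypt the above ecdk at remote KMS": ECDK in, plaintext CDK out.
    // Fails with a GeneralSecurityException if the ECDK was altered
    // or was wrapped under a different key-encryption key.
    byte[] decryptCdk(byte[] ecdk) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, kek);
        return c.unwrap(ecdk, "AES", Cipher.SECRET_KEY).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] kek = new byte[32]; rng.nextBytes(kek); // constructed sample KEK
        byte[] cdk = new byte[16]; rng.nextBytes(cdk); // constructed sample CDK
        LocalKmsStandIn kms = new LocalKmsStandIn(kek);

        byte[] ecdk = kms.encryptCdk(cdk);
        byte[] back = kms.decryptCdk(ecdk);
        System.out.println("round trip ok: " + Arrays.equals(cdk, back));

        ecdk[0] ^= 0x01; // simulate a corrupted stored ECDK
        try {
            kms.decryptCdk(ecdk);
            System.out.println("corrupted ECDK accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("corrupted ECDK rejected");
        }
        // Wipe plaintext key copies once they are no longer needed.
        Arrays.fill(cdk, (byte) 0); Arrays.fill(back, (byte) 0);
    }
}
```

In the activity, a failed decrypt should stop before setCDK is called so that the keystore is never loaded with a null or partial key.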

  • Configuring a keystore for a master key from a custom source

    You can configure a keystore for a master encryption key that is stored in an external source, such as a key management service. Use keystores to encrypt, authenticate, and serve content over HTTPS. Master keys can encrypt data that is temporarily stored, for example, cached requestor IDs, or data that is persisted, such as data in a database.

  • Creating a data page for a master key from a custom source

    To configure a keystore for a master key by using a data page reference, create the data page. Use this data page to retrieve a master key from an external source.
