Encrypting the values of sensitive properties
In the HRApp application, ensure that the Social Security number and salary properties are encrypted in all Pega Platform data stores (the database and Elasticsearch index files, in memory, and on the clipboard). Ensure that they are decrypted only when they are displayed in the user interface.
- An encryption key is defined in a key management system (KMS) outside of Pega Platform.
- A keystore instance is defined in Pega Platform that refers to the encryption key.
- The Keystore field in the Application data encryption section of the Data Encryption landing page refers to the keystore instance from the previous item, and the Activate button has been clicked to activate the keystore.
- In the Employee class, a property named SSN defines the employee’s Social Security number and a property named Salary defines the employee’s salary.
Complete the following steps to ensure that the SSN and Salary properties are encrypted in all data stores, in memory, and on the clipboard. You can combine property encryption with property masking.
In Dev Studio, create an access control policy with Apply to class set to Employee and Action set to PropertyEncrypt.
Click Add property and in the Property field, enter SSN.
Click Add property and in the Property field, enter Salary.