Skip to main content

Table of Contents

Creating a keystore instance for an external key management service


Only available versions of this content are shown in the dropdown

You can encrypt application and system data in Pega Platform™ by using either the platform cipher or a cipher that is stored within an external key management service (KMS). Use an external KMS to control the ownership, creation, and rotation of your master key.

To configure Pega Platform to use an external KMS, complete the following tasks.

  1. In the external key management service, create the master key.

  2. In Pega Platform, create an instance of the keystore rule to access the external KMS.

  3. In Pega Platform, configure and activate the platform cipher to reference the keystore instance.

    For more information, see Configuring the platform cipher.
  4. In Pega Platform, identify the classes and properties to encrypt.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us