Configuring a Google Cloud KMS keystore

To use a Google Cloud KMS keystore in Pega Platform™, you create a project, a service account, and a master key in Google Cloud Platform, and then you create a keystore instance in Pega Platform that refers to the KMS.

Creating the master key in Google Cloud Platform

  1. Log in to the Google Cloud Platform console, and then click Create project.
    Google example step 1: Create project
  2. Enter a project name, and then click Create.
    Google example step 2: Create project
  3. Select the checkbox next to the project name, and in the Action column, click Settings.
    Google example step 3: Settings
  4. Click Service accounts, and then click Create service account.
    Google example step 4: Create service account
  5. Enter a service account name and click Create.
    Google example step 5: Create service account
  6. In the Role list, click Cloud KMS CryptoKey Encrypter/Decrypter. Then grant users access to the service account.
    Google example step 6: Permissions
  7. Select the checkbox next to the service account name, and in the Action column, click Create key.
    Google example step 7: Create key
  8. Click JSON, and then click Create.  The service account credentials are saved as a .json file.  You use this file later to create the Pega keystore instance.
    Google example step 8: Create key
  9. Select Cryptographic keys, and then click Create key ring.
    Google example step 9: Create key ring
  10. Enter a key ring name, and click Create.
    Google example step 10: Create key ring
  11. Create a key. Enter a name, in the Purpose list, select Symmetric encrypt/decrypt, select Generate a key for me, and then click Create.
    Google example step 11: Create key
  12. Select the checkbox next to the key name, and in the Action column, select Copy Resource ID. You use this ID later to create the Pega keystore instance.
    Google example step 12: Copy key ID

Creating the Google Cloud KMS keystore instance in Pega Platform

After you create the project, the service account, and the master key in Google Cloud Platform, create a keystore instance in Pega Platform that references Google as the keystore location. The keystore instance includes values from the KMS for account credentials and key resource ID, as shown in the following example. For more information, see Creating a keystore and Configuring a Google Cloud KMS keystore.

  1. Click Upload file, and select the file that you downloaded in Google step 8.
  2. In the Customer master key ID field, enter the resource ID that you copied in Google step 12.
Creating the Google Cloud KMS keystore instance
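
Before you upload the file from Google step 8 and paste the resource ID from Google step 12, you can check both values locally. The following Python check is an added example, not part of Pega Platform or Google tooling; the function name, the messages, and the sample values are constructed for illustration, and it assumes that the key and the service account are in the same project, as in the procedure above.

```python
import json
import os
import re
import stat
import tempfile

# Cloud KMS CryptoKey resource name, the value copied in Google step 12.
KEY_ID = r"projects/([^/]+)/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+"
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_keystore_inputs(credentials_path, key_resource_id):
    """Return a list of problems; an empty list means both inputs look usable."""
    problems = []
    # The file holds a private key: on POSIX systems only the owner should have access.
    mode = stat.S_IMODE(os.stat(credentials_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"credentials file mode {mode:o} allows group/other access")
    try:
        with open(credentials_path, encoding="utf-8") as fh:
            creds = json.load(fh)
    except ValueError:
        return problems + ["credentials file is not valid JSON"]
    if not isinstance(creds, dict):
        return problems + ["credentials file is not a JSON object"]
    missing = [name for name in REQUIRED if not creds.get(name)]
    if missing:
        problems.append("credentials file is missing: " + ", ".join(missing))
    if creds.get("type") != "service_account":
        problems.append("credentials are not a service account key")
    match = re.fullmatch(KEY_ID, key_resource_id.strip())
    if not match:
        problems.append("key ID is not a full cryptoKeys resource name")
    elif match[1] != creds.get("project_id"):
        # Assumption from this procedure: key and account live in one project.
        problems.append("key ID and service account are in different projects")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = dict.fromkeys(REQUIRED, "constructed-value")
    sample.update(type="service_account", project_id="example-project")
    with tempfile.NamedTemporaryFile("w", suffix=".json") as fh:
        json.dump(sample, fh)
        fh.flush()
        print(check_keystore_inputs(
            fh.name, "projects/example-project/locations/global/keyRings/r/cryptoKeys/k"))
```
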
