Have you ever found yourself wondering, “Where exactly are my application secrets stored?”
Do you worry about how safe your API keys and passwords really are in your current setup?
Ever wished you could decide exactly where your sensitive credentials live and change or rotate them?
If any of these questions sound familiar, you’re not alone.
In today’s world, keeping your credentials and keys safe should be at the heart of your development process. That’s why Pega’s new Bring Your Own Secrets (BYOS) feature is such a game-changer. It puts you in control of your sensitive information, enabling more secure, flexible, and compliant applications than ever before.
BYOS: Pick your vault, set your rules, and stay secure. Pega gives you the power.
What is Bring Your Own Secrets?
Imagine if you could take full control of your secrets, API keys, and passwords, without ever storing them in the Pega Platform™ database. BYOS lets you integrate external secret stores such as AWS Secrets Manager and Azure Key Vault directly into your Pega apps. This means you can keep your secrets where you want them, update them when needed, and ensure they’re always protected by industry-leading security standards.
Wondering how BYOS changes the game? Here’s how!
- Enhanced Security: No more hardcoded credentials or storing sensitive data within Pega Platform.
- Easy key rotation: Update the secret in your vault, and Pega automatically uses the latest version - no redeployment or downtime.
- Compliance: Meet regulatory requirements by keeping secrets in approved vaults.
- Flexibility: Choose the secret manager that fits your infrastructure.
- Seamless Integration: Use secrets dynamically across Pega Platform.
The BYOS process: simple and secure
Pega’s BYOS feature enables you to reference secrets in your application. Instead of entering credentials directly, you point to a secret stored in your vault. Pega securely fetches the secret at runtime, keeping your secrets protected.
Example: If your application needs to access an external REST API using OAuth 2.0, you don’t need to store the client credentials directly in Pega Platform. Instead, you can configure Pega Platform to retrieve them from your organization’s secure vault. When the credentials are rotated, simply make the change in the vault; Pega Platform automatically fetches the latest version on the next use.
To get started, you must connect Pega Platform to your vault, and the first step is setting up Identity Federation. This establishes trust between Pega Platform and your vault, so that Pega Platform can authenticate to the vault without storing a long-lived vault credential of its own.
Identity federation is the new rule form introduced in Pega Platform for establishing that trust.
Once that’s in place, the next step is to configure an External Secret Store. This tells Pega Platform which vault to read from and enables it to fetch and map secrets as needed.
External Secret Store is the new rule form introduced in Pega Platform for reading secrets from the secret manager.
That’s it! Now you can easily map these secrets across supported rule forms in Pega Platform, such as Authentication Profiles, file upload keystores, and Kafka or Avro configurations.
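To make the pattern concrete, here is an added illustration (not Pega’s code, and not the syntax of its rule forms) of the principle behind BYOS: the stored configuration holds only a reference to a secret, the value is fetched from the store at the moment it is used, and a rotation in the vault is picked up without touching the configuration. The `secret://` reference format, the in-memory `StubVault`, and the function names are all assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed reference format (an assumption, not Pega's syntax):
#   secret://<store>/<name>[#<version>]   -- no version means "latest"
_REF = re.compile(r"^secret://(?P<store>[\w-]+)/(?P<name>[\w./-]+)(?:#(?P<version>\w+))?$")


@dataclass
class StubVault:
    """Stand-in for an external secret store; keeps versioned values in memory."""
    versions: dict = field(default_factory=dict)  # name -> list of values, newest last

    def put(self, name, value):
        self.versions.setdefault(name, []).append(value)

    def get(self, name, version=None):
        history = self.versions[name]
        return history[-1] if version is None else history[int(version) - 1]


def parse_secret_ref(ref):
    """Validate a secret reference and return (store, name, version); reject anything else."""
    m = _REF.match(ref)
    if not m:
        raise ValueError(f"not a secret reference: {ref!r}")
    return m["store"], m["name"], m["version"]


def resolve(ref, stores):
    """Fetch the referenced secret at call time, so a rotation in the vault is honoured."""
    store, name, version = parse_secret_ref(ref)
    return stores[store].get(name, version)


def build_token_request(profile, stores):
    """Assemble OAuth 2.0 client-credentials form data from an authentication profile
    whose client_secret field holds a reference, never the secret value itself."""
    return {
        "grant_type": "client_credentials",
        "client_id": profile["client_id"],
        "client_secret": resolve(profile["client_secret_ref"], stores),
    }


def config_leaks_secret(profile, stores):
    """Check that the resolved secret value never appears verbatim in the stored profile."""
    secret = resolve(profile["client_secret_ref"], stores)
    return any(secret == value for value in profile.values())
```

Rotating the secret is a single `put` on the vault; the next `build_token_request` call returns the new value while the profile on disk is unchanged.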
Experience the Magic of BYOS
Why settle for ordinary when you can have security on your terms? BYOS lets you store your secrets your way, without compromise. It’s not just about keeping data safe; it’s about giving you the power to protect what matters, your way. That’s the magic BYOS brings to Pega Platform.
Related Resources
- Bring Your Own Secrets with Azure Key Vault
- Configuring identity federation
- Identity federation and external secret stores