On the Data Encryption tab, you select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.
The Data Encryption tab is visible to operators who have the pxCanManageDataEncryption privilege in their access roles. This privilege is part of the PegaRULES:SecurityAdministrator role.
On this tab you select what encryption type to use in your application to encrypt and decrypt passwords, properties and BLOBs. The following options are available:
When changing the AWS KMS keystore, you must activate the new keystore before you delete or disable the currently active Customer Master Key.
You can switch between a platform cipher and a custom cipher to change the encryption type for your application at any time. However, depending on what type of cipher you have chosen, Pega Platform uses the custom cipher settings or AWS KMS encryption keys to decrypt previously encrypted data. When you switch between cipher types do not delete the custom cipher settings or the AWS KMS encryption keys.
If you switch from a platform cipher to a custom cipher and delete the AWS KMS encryption keys, you will not be able to encrypt all your previously encrypted data. For information about how to change from a platform cipher to a custom cipher, contact Global Customer Support.