Creating a data page activity for a master key from a custom source
To configure a master key keystore with a data page reference to a custom source, create the activity that loads the keystore into the data page.
- On the Definition tab of the data page that you are creating the activity for, next to the Activity name field, click the Add icon.
- Enter the label and identifier, accept the default for the Apply to class, Data-Admin-Security-Keystore, and then click Create and open.
- In the Method field, enter Java.
- Click the Expand icon, and then in the Method Parameters section, in the Java Source field, enter a code snippet similar to one of the following examples, depending on your use case:
  CAUTION: Do not include both code snippets.
- To retrieve a master key directly from an external key management service, enter a code snippet similar to this one:

```java
// Get the master key from the remote location
byte[] masterKey = null; // TODO: assign the 16-byte master key retrieved from the external KMS
KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
CustomMasterKey customMasterKey = keyUtil.getMasterKeyObject();
// Hand the key bytes to the keystore object and load it for system data encryption
customMasterKey.setMasterKey(masterKey);
keyUtil.loadMasterKeyForSystemDataEncryption(customMasterKey);
```
- To use REST APIs of an external key management service to encrypt and decrypt data keys, enter a code snippet similar to this one:

```java
KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
CustomMasterKey customerMasterKey = keyUtil.getMasterKeyObject();
// Enable remote encryption mode
customerMasterKey.setRemoteEncryptionMode(true);
// If the CustomMasterKey object contains an encrypted CDK, isEncryptedCustomDataKey() returns true
if (customerMasterKey.isEncryptedCustomDataKey()) {
    // Keep the wrapped key as raw bytes; converting key material to a String is lossy
    byte[] ecdk = customerMasterKey.getECDK();
    // oLog.infoForced("decrypting ECDK: ");
    byte[] cdk = null; // TODO: decrypt ecdk at the remote KMS and assign the result to cdk
    customerMasterKey.setCDK(cdk);
    customerMasterKey.setECDK(null);
    customerMasterKey.setCustomDataKeyType(false);
} else {
    // The CustomMasterKey object contains a plaintext CDK
    byte[] cdk = customerMasterKey.getCDK();
    if (cdk != null) {
        // oLog.infoForced("encrypting CDK :");
        byte[] ecdk = null; // TODO: encrypt cdk at the remote KMS and assign the result to ecdk
        customerMasterKey.setECDK(ecdk);
        customerMasterKey.setCDK(null);
        customerMasterKey.setCustomDataKeyType(true);
    }
}
keyUtil.loadMasterKeyForSystemDataEncryption(customerMasterKey);
```
- Click Save.
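The remote encryption mode snippet above, carried through with both TODOs filled in and with fail-closed handling, as an added example that is not part of the Pega documentation. It assumes a hypothetical `RemoteKmsClient` wrapper around your KMS SDK (with `fromEnvironment()`, `encrypt(byte[])` and `decrypt(byte[])`) and an `error(String, Throwable)` method on the activity's `oLog` logger; `KeyStoreUtils`, `CustomMasterKey` and the implicit `pega` object are the ones used on this page.

```java
// Java step body for the keystore data page activity (added example, not Pega's own code).
// RemoteKmsClient is a hypothetical wrapper around your KMS SDK; encrypt()/decrypt()
// are assumed to throw on failure rather than return null.
RemoteKmsClient kms = RemoteKmsClient.fromEnvironment(); // assumed: reads endpoint and credentials

KeyStoreUtils keyUtil = pega.getKeyStoreUtils();
CustomMasterKey customerMasterKey = keyUtil.getMasterKeyObject();
customerMasterKey.setRemoteEncryptionMode(true);

try {
    if (customerMasterKey.isEncryptedCustomDataKey()) {
        // The stored CDK is wrapped: unwrap it remotely, passing the raw bytes, not a String copy.
        byte[] ecdk = customerMasterKey.getECDK();
        byte[] cdk = kms.decrypt(ecdk);
        if (cdk == null || cdk.length == 0) {
            throw new IllegalStateException("KMS returned an empty data key");
        }
        customerMasterKey.setCDK(cdk);
        customerMasterKey.setECDK(null);
        customerMasterKey.setCustomDataKeyType(false);
    } else {
        // First load: the CDK is still plaintext, so wrap it and keep only the wrapped form.
        byte[] cdk = customerMasterKey.getCDK();
        if (cdk != null) {
            byte[] ecdk = kms.encrypt(cdk);
            if (ecdk == null || ecdk.length == 0) {
                throw new IllegalStateException("KMS returned an empty wrapped key");
            }
            customerMasterKey.setECDK(ecdk);
            customerMasterKey.setCDK(null);
            customerMasterKey.setCustomDataKeyType(true);
        }
    }
    // Only reached when the key object is fully initialised for the chosen mode.
    keyUtil.loadMasterKeyForSystemDataEncryption(customerMasterKey);
} catch (Exception e) {
    // Fail closed: never load a half-initialised key object; surface the failure to the caller.
    oLog.error("Master key load from remote KMS failed", e);
    throw new RuntimeException("Master key load from remote KMS failed", e);
}
```

The empty-key checks matter because the template snippets leave `cdk`/`ecdk` as `null` until the TODO is filled in, and loading such an object would silently leave system data encryption without usable key material.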