To configure a keystore, you can reference the encryption key that is stored in the
Amazon Web Services Key Management Service (AWS KMS).
Before you begin: You must
create a
keystore data instance in
Pega Platform with
Keystore location equal to
Amazon Key Management
Service (KMS) before you can configure the keystore.
-
If you have not yet defined your keys in Amazon, log in to your Amazon Web
Services account, and under Identity and Access Management (IAM), create a
Customer Master Key (CMK) and access key.
- For information about how to create a Customer Master Key, see the AWS
Developer Guide that describes the AWS Key Management Service and the
Pega Community article Configuring an Amazon Web Services Key Management
Service keystore.
- The access key provides the access key ID and secret access key that you
need to enter in the keystore form. For more information, see the Amazon
guide Managing Access Keys for IAM Users.
- When you create the encryption key, select the same geographic region
for your key that your application is deployed in. Selecting the same
geographic region gives your application the best network
performance.
-
Open a keystore from the navigation panel by clicking and selecting a KMS keystore from the instance list.
-
In the Access key ID field, enter the access key ID that
you created in AWS KMS.
-
In the Secret access key field, enter the secret access
key that you created in AWS KMS.
-
In the Customer master key ID field, enter the Amazon
Resource Name (ARN) of the customer master key created in AWS KMS.
-
In the Customer data key rotation in days field, enter
the number of days after which the customer data key (CDK) rotates.
Note: The recommended (default) value is 90 days. You can set the rotation to
any time between 30 and 365 days.
-
Click Test connectivity to verify that all fields are
filled out correctly and that Pega Platform is able to connect to
AWS KMS.
-
Click Save.