Creating a keystore for application data encryption

Create a keystore instance for your keystore file, which contains the keys and certificates that are used, for example, to support Web Services Security and outbound email security.

Before you begin:  Obtain a keystore file that is signed by a certificate authority or is self-signed, and make it available as a file or as a URL. Obtaining the keystore file is done outside of Pega Platform. If the file has a password, you also need the password. For more information, see your security administrator.
  1. In the header of Dev Studio, click Create > Security > Keystore.
  2. In the Short description field, enter a name for the keystore.
  3. In the Keystore field, enter an ID for the keystore.
  4. Click Create and open.
  5. In the Keystore location field, press the Down arrow key and select the key management system or keystore source:
    KEY MANAGEMENT SYSTEM (KMS) FOR APPLICATION DATA ENCRYPTION
    • Amazon Key Management Service (KMS) — Reference an encryption key that is stored in Amazon Web Services Key Management Service (AWS KMS).
    • Microsoft Azure Key Vault — Reference an encryption key that is stored in Microsoft Azure Key Vault.
    • HashiCorp Vault — Reference an encryption key that is stored in HashiCorp Vault.
    • Google Cloud KMS — Reference an encryption key that is stored in Google Cloud KMS.
    • Custom — Source master key from other KMS using a data page – Reference an encryption key that is stored in an external custom source and is retrieved by using a data page. For details on configuring a custom KMS for application data encryption, see Encrypting application data by using a custom key management service.
    KEY MANAGEMENT SYSTEM (KMS) FOR SYSTEM DATA ENCRYPTION
    • Custom — Source master key from other KMS using a data page – Reference an encryption key that is stored in an external custom source and is retrieved by using a data page. For details on configuring a custom KMS for system data encryption, see Encrypting system data by using a custom key management service.
    KEYSTORE
    • Upload file — Upload the keystore file, such as a Java KeyStore (JKS) file.
    • Reference to file — Reference the keystore file from a file location.
    • Reference to URL — Reference the keystore file that contains public keys from a URL address.
    • Reference to data page — Reference the keystore that is stored in a data page.
  6. Configure the keystore based on the keystore location that you selected.