Skip to main content

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Configuring a HashiCorp Vault keystore

Suggest edit Updated on July 1, 2021

Configure a keystoreby referencing an encryption key that is stored in a HashiCorp Vault.

Before you begin: You must create a keystore data instance in Pega Platform with Keystore location equal to HashiCorp Vault before you can configure the keystore.
  1. If you have not yet defined your cryptographic key in HashiCorp Vault, log in to your HashiCorp Vault account and create an encryption key. The key should be accessible with the AppRole authentication method. For details, see your HashiCorp Vault documentation and the Pega Community article Configuring a HashiCorp Vault keystore.
  2. Open a keystore from the navigation panel by clicking RecordsSecurityKeystore and selecting a HashiCorp Vault keystore from the instance list.
  3. In the AppRole Role ID field, enter the Role ID for accessing Vault with the AppRole authentication method.
  4. In the AppRole Secret ID field, enter the Secret ID for accessing Vault with the AppRole authentication method.
  5. In the Authentication service endpoint field, enter the endpoint (URL) for accessing Vault with the AppRole authentication method.
  6. In the Encryption service endpoint field, enter the endpoint (URL) for encryption that uses your Vault encryption key.
  7. In the Decryption service endpoint field, enter the endpoint (URL) for decryption that uses your Vault encryption key.
  8. In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
    Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
  9. Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your encryption key.
  10. Click Save.
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us