To use the Amazon Web Services Key Management Service (AWS KMS) in Pega Platform, you create the master key in AWS KMS, and then you create a keystore instance in Pega Platform that refers to the KMS.
This procedure shows an example of creating a customer master key and an access key within AWS KMS. For detailed instructions, refer to the documentation from AWS. The AWS documentation includes the AWS Developer Guide for KMS and the Managing Access Keys for IAM Users guide.
- In AWS, under Identity and Access Management (IAM), create an alias for the customer master key.
- Add the Tag key and Tag value to the master key.
- Assign administrators for the master key.
- Assign users for the master key.
- Click Create key to generate the access key.
- Copy the ARN for the key. You use the ARN to create the Pega keystore instance.
- Before clicking Close, copy the Access key ID and Secret access key. You use these to create the Pega keystore instance.
- Create a keystore instance in Pega Platform, using the Creating a keystore for application data encryption procedure, and enter the following:
  - In the Access key ID field, enter the value from step 7.
  - In the Secret access key field, enter the value from step 7.
  - In the Customer master key ID field, enter the ARN value from step 6.
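Steps 5 and 6 (assigning administrators and users) are expressed in the key's policy. The policy below is an added example of the least-privilege split a practitioner would want, not text from the Pega or AWS documentation: the administrators role manages the key but cannot use it for cryptographic operations, and the IAM user whose access key is entered into the Pega keystore can only encrypt, decrypt and generate data keys. `<ACCOUNT_ID>`, `<KEY_ADMIN_ROLE>` and `<PEGA_KMS_USER>` are placeholders, and the exact set of actions the Pega keystore needs is an assumption to confirm against your own CloudTrail logs.

```json
{
  "Version": "2012-10-17",
  "Id": "pega-keystore-key-policy",
  "Statement": [
    {
      "Sid": "EnableIAMUserPermissions",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::<ACCOUNT_ID>:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowKeyAdministration",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<KEY_ADMIN_ROLE>" },
      "Action": [
        "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
        "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
        "kms:TagResource", "kms:UntagResource",
        "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowPegaKeystoreUse",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::<ACCOUNT_ID>:user/<PEGA_KMS_USER>" },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}
```

Because the access key ID and secret from step 7 belong to `<PEGA_KMS_USER>`, that user should hold no IAM permissions beyond what this key policy grants, and a denied `kms:ScheduleKeyDeletion` call from it in CloudTrail is a useful signal that the credentials are being used outside Pega.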