Configure a keystore by referencing an encryption key that is stored in a Microsoft Azure Key Vault.
- If you have not yet defined your cryptographic key in Azure, log in to your Microsoft Azure Key Vault account and create a key with an RSA algorithm. For details, see your Azure Key Vault documentation and Creating a keystore for application data encryption.
- Open a keystore from the navigation panel by clicking and selecting an Azure Key Vault keystore from the instance list.
- In the Client ID field, enter the client ID of the application that you created in Azure.
- In the Client key field, enter the client secret for the application that you created in Azure.
- In the Customer master key ID field, enter the key identifier of the master key that you created in Azure Key Vault.
- In the JSON Web Algorithm (JWA) list, select the algorithm for the JSON web token.
- In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
- Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your key.
- Click Save.
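
The following pre-flight check is an added example, not Pega Platform code: it validates the values from the steps above before you enter them, so that a malformed key identifier or an out-of-range rotation period is caught before Test connectivity. The function names and sample values are hypothetical, and it assumes that the key identifier has the Azure form `https://<vault-host>/keys/<key-name>/<key-version>` and that the client ID is a GUID.

```python
import re
import uuid
from urllib.parse import urlparse

# Rotation bounds as stated in the note above (the default is 90 days).
MIN_ROTATION_DAYS, MAX_ROTATION_DAYS = 30, 365

# Assumed Azure Key Vault naming rule: 1-127 letters, digits and hyphens.
_KEY_NAME = re.compile(r"^[0-9A-Za-z-]{1,127}$")


def parse_key_identifier(key_id):
    """Split a key identifier URL into (vault_host, key_name, version or None)."""
    url = urlparse(key_id.strip())
    if url.scheme != "https" or not url.hostname:
        raise ValueError("key identifier must be an https:// URL")
    parts = [p for p in url.path.split("/") if p]
    if len(parts) not in (2, 3) or parts[0] != "keys":
        raise ValueError("expected path /keys/<key-name>[/<key-version>]")
    if not _KEY_NAME.match(parts[1]):
        raise ValueError("invalid key name")
    version = parts[2] if len(parts) == 3 else None
    return url.hostname, parts[1], version


def check_keystore_fields(client_id, client_key, key_id, rotation_days):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    try:
        uuid.UUID(client_id.strip())
    except ValueError:
        problems.append("Client ID is not a GUID")
    # The secret is only checked for shape and is never echoed back.
    if not client_key or client_key != client_key.strip():
        problems.append("Client key is empty or has leading/trailing whitespace")
    try:
        parse_key_identifier(key_id)
    except ValueError as exc:
        problems.append(f"Customer master key ID: {exc}")
    if not MIN_ROTATION_DAYS <= rotation_days <= MAX_ROTATION_DAYS:
        problems.append("Rotation must be between 30 and 365 days")
    return problems
```

A passing check only means the values are well-formed; Test connectivity is still what confirms that Pega Platform can reach Key Vault and find the key.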