Configure a keystore by referencing an encryption key that is stored in a HashiCorp Vault.
Before you begin: You must create a keystore data instance in Pega Platform with Keystore location equal to HashiCorp Vault before you can configure the keystore.
- If you have not yet defined your cryptographic key in HashiCorp Vault, log in to your HashiCorp Vault account and create an encryption key. The key should be accessible with the AppRole authentication method. For details, see your HashiCorp Vault documentation and the Pega Community article Configuring a HashiCorp Vault keystore.
- Open a keystore from the navigation panel by clicking and selecting a HashiCorp Vault keystore from the instance list.
- In the AppRole Role ID field, enter the Role ID for accessing Vault with the AppRole authentication method.
- In the AppRole Secret ID field, enter the Secret ID for accessing Vault with the AppRole authentication method.
- In the Authentication service endpoint field, enter the endpoint (URL) for accessing Vault with the AppRole authentication method.
- In the Encryption service endpoint field, enter the endpoint (URL) for encryption that uses your Vault encryption key.
- In the Decryption service endpoint field, enter the endpoint (URL) for decryption that uses your Vault encryption key.
- In the Customer data key rotation in days field, enter the number of days after which the customer data key (CDK) rotates.
  Note: The recommended (default) value is 90 days. You can set the rotation to any time between 30 and 365 days.
- Click Test connectivity to verify that all fields are filled out correctly and that Pega Platform can connect to Key Vault and find your encryption key.
- Click Save.