Posted: 4 Nov 2018 16:40 EST Last activity: 11 Apr 2019 13:46 EDT
BYOK support with Platform Cipher
We are trying to use Pega 7.4's Platform Cipher (Data Encryption Landing Page) with an external KMS (HashiCorp). However, it supports only AWS KMS at present. Custom Cipher is not an option as key rotation and also the security team has disallowed it.
Let me know if someone has any other alternatives.
***Moderator Edit-Vidyaranjan: Updated SR details***
That is correct. In Platform 7.4, the built-in Platform AES-256-CBC encryption algorithm can only be used by configuring it on the Data Encryption landing page to use a Keystore instance that in turn references a customer's AWS KMS instance for managing the master key used to encrypt the application data. An enhancement to the Data Encryption landing page is being considered for a future release that will allow this Keystore instance to be sourced from a data page, which would allow a customer to source the key from anywhere.