Posted: 12 Mar 2020 4:16 EDT Last activity: 22 Jul 2020 11:00 EDT
Encryption in Pega Platform: Using AWS KMS without hard-coding secret access key
I am trying to come up with a solution for encrypting sensitive data. We use AWS KMS at our organization, but due to security reasons the secret access key is not shared and cannot be hardcoded.
In Pega, when a keystore is created with the keystore location AWS KMS, I am asked to input the Key ID and secret access key at design time. Is it possible to have these properties configurable using DSS, or to have Pega take these property values at runtime? Or to have Pega installed in EC2 connect to AWS using an assume role?