When secure connectors are migrated between environments (i.e. Dev > Test > PreProd > Prod) the keystore data instance has to be updated - and sometimes also the truststore: Keystore data instances have to be opened and replacement keystore files have to be uploaded. If you are doing this arms-length e.g. using customer's nearshore IT team, all steps have to be described in minute detail in release notes/change instuctions. If you have several connectors that's a lot of updates to be done (and described).
One obvious way around this would be to use GRS in connector truststore/keystore fields: Then pre-prepared keystore data instances for all environments can be supplied in the product (assuming keystore files containing certificates are available ahead of time), and your GRS-load data transform can assign the right one depending on environment. However connectors do not appear to support GRS in these fields :(
What other best practices does the community use to support migration of secure connectors across environments?
***Updated by Moderator: Marissa. Removed user added Ask the Expert group tag. Apologies for confusion, shouldn't have been an end-user option; added SR Details***
Please share the details of your Pega version and which connector type you are using. All connectors should support using Global Resource Settings (GRS) for the dynamic behavior you desire. If the keystore fields don't appear to use GRS, then the field reference to the keystore data instance itself may allow the use of a GRS.
We have Pega 7.1.9 with PegaMarketing 7.13. The connector is Rule-Connect-Rest. There is no indication in the form (or in help) that the truststore and/or keystore fields support GRS so I didn't try using it. I will have a go and report back here.