We are integrating with our Enterprise MFT (Managed File Transfer) tool to transfer files from Azure BLOB (Pega's repository) to on-prem network folder(s). The standard authentication method used in the integration process is UserID + Password + ClientKey (SSH private key).
Our organization has a policy of rotating SSH keys twice a year, and we are using a unique key pair for each environment (DEV/INTG/STAGING/PERF/PROD). We are on Azure Cloud, and our Cloud Security policy enforces the use of a unique key pair for each environment.
At present we have 15 Pega instances (supporting multiple Pega applications) where we need to update the keystore record manually by logging into each Pega instance; this is going to become more laborious as the number of Pega instances increases.
A REST service in the Pega platform to update the Keystore record (associated with the SSH private key) directly would help us a lot.
The REST service needs to accept a file (private key) and the keystore password (SSH passphrase).
Please let me know if there are any alternative ways of automating this process.
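The post states two controls that a rotation pipeline can verify before any keystore is touched: each environment must hold its own key pair, and no key may outlive the half-year rotation window. The script below is an added example, not from the original post and not part of Pega or the MFT tool; it checks a constructed key inventory against those two rules. The inventory format, the 183-day limit and the OpenSSH-style SHA256 fingerprint are assumptions, and the public-key blobs are placeholders, not real keys.

```python
"""Pre-rotation policy check for per-environment SSH keys (added example).

Checks the two rules stated in the post:
  1. every environment uses its own key pair (no shared fingerprints), and
  2. keys are rotated twice a year (here: no key older than MAX_KEY_AGE_DAYS).
The inventory below is constructed; the base64 blobs are not real keys.
"""
import base64
import hashlib
from datetime import date

# Half a year, matching "rotating SSH keys twice in a year" (assumed limit).
MAX_KEY_AGE_DAYS = 183


def _blob(seed: bytes) -> str:
    """Build a placeholder base64 'public key blob' from constructed bytes."""
    return base64.b64encode(seed).decode()


# Constructed inventory: environment -> (authorized_keys-style line, creation date).
# STAGING and PERF deliberately share one blob so the uniqueness check fires,
# and INTG is deliberately older than the rotation window.
INVENTORY = {
    "DEV":     ("ssh-ed25519 " + _blob(b"constructed-dev-key") + " mft-dev",     date(2024, 1, 15)),
    "INTG":    ("ssh-ed25519 " + _blob(b"constructed-intg-key") + " mft-intg",   date(2023, 12, 1)),
    "STAGING": ("ssh-ed25519 " + _blob(b"constructed-shared-key") + " mft-stg",  date(2024, 3, 1)),
    "PERF":    ("ssh-ed25519 " + _blob(b"constructed-shared-key") + " mft-perf", date(2024, 3, 1)),
    "PROD":    ("ssh-ed25519 " + _blob(b"constructed-prod-key") + " mft-prod",   date(2024, 5, 1)),
}


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the decoded key blob, base64, no padding."""
    blob = pubkey_line.split()[1]
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_inventory(inventory: dict, today: date) -> dict:
    """Return environments with stale keys and groups of environments sharing a key."""
    stale = {}
    by_fingerprint = {}
    for env, (pubkey_line, created) in inventory.items():
        age_days = (today - created).days
        if age_days > MAX_KEY_AGE_DAYS:
            stale[env] = age_days
        by_fingerprint.setdefault(fingerprint(pubkey_line), []).append(env)
    # Any fingerprint seen in more than one environment violates the per-environment rule.
    shared = sorted(sorted(envs) for envs in by_fingerprint.values() if len(envs) > 1)
    return {"stale": stale, "shared": shared}


def is_compliant(inventory: dict, today: date) -> bool:
    """True only when no key is overdue and no key pair is reused across environments."""
    result = check_inventory(inventory, today)
    return not result["stale"] and not result["shared"]


if __name__ == "__main__":
    report = check_inventory(INVENTORY, date(2024, 7, 1))
    for env, age in sorted(report["stale"].items()):
        print(f"ROTATE  {env}: key is {age} days old (limit {MAX_KEY_AGE_DAYS})")
    for envs in report["shared"]:
        print(f"REUSED  {', '.join(envs)} share the same key pair")
    print("compliant" if is_compliant(INVENTORY, date(2024, 7, 1)) else "non-compliant")
```

Run against a real inventory, the `check_inventory` output is the work list for the manual keystore updates the post describes: only the environments it names need a new key pair, and a shared fingerprint is caught before the same private key is uploaded to two keystores.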
Currently, Pega supports Azure Key Vault integration at the Application Encryption level only. It is not working in the FTP rule.
It allows me to select the KeyStore rule (Azure Key Vault configuration), but it's not pulling the key at runtime.
Regarding the data page approach: for FTP to work, the "KeyStore type" should be "KEY", but if I use a data page as the source then it does not allow me to select KeyStore type "KEY". The displayed values are "JKS, PKCS12 and JWK".
Please let us know if there are any other alternatives.