Question (2 replies, 357 views)
Marc-AntoineN Member since 2012 10 posts
Capgemini
Posted: 2 years ago
Last activity: 2 years ago
Closed

Using custom keystore for platform cipher

Hi,
When I try to use a keystore that is not of type Amazon Key Management Service, I get an error:
"MyKeystore is not of type Amazon Key Management Service"
whereas according to this PDN link https://pdn.pega.com/encryption-pega-platform/encryption-pega-platform
using Amazon KMS is a possibility but not mandatory:
"The Platform cipher that uses the AES-256 cryptographic algorithm and requires no development effort to define.
To use the Platform cipher, you need to use keys that are securely managed by your organization. The keys must employ standard techniques, such as key rotation, to protect your sensitive data. On the Data Encryption landing page, you specify the Keystore rule instance and key information that is used during encryption and decryption. The Keystore class allows you to access external keystores, including full-fledged key management systems such as Amazon Web Services Key Management System (AWS KMS). This key management system is used on Pega Cloud."

Is it mandatory to use KMS or not? And if so, why is that? It seems not that complex to let people choose between KMS and their own key system, especially as there is a lot of choice in keystores now, so it would handle every case, and it is much easier to generate a keystore for dev environments than to generate a custom cipher.

Security
Moderation Team has archived post
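For readers who want to see what the poster's "generate a keystore for dev environments" looks like in practice, and how the key rotation the quoted documentation asks for can be handled, here is an added example. It is not Pega's code and not from the original post: it uses only the standard Java KeyStore and JCE APIs to create a PKCS12 file holding AES-256 keys, encrypts with AES-GCM, and tags each ciphertext with the alias of the key that produced it so that older records stay readable after a new key is added. The file name, the aliases "platform-aes-v1"/"platform-aes-v2", the password and the ciphertext layout are all assumptions made for the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/*
 * Illustrative example, not Pega's implementation: a dev-environment PKCS12
 * keystore holding AES-256 keys, with the key alias written in front of every
 * ciphertext so that adding a new key (rotation) does not break old data.
 * Assumed for the example: file "dev-keystore.p12", password "changeit",
 * aliases "platform-aes-v1" and "platform-aes-v2".
 */
public class DevKeystoreDemo {
    private static final String KS_PATH = "dev-keystore.p12";
    private static final char[] KS_PASS = "changeit".toCharArray();
    private static final int GCM_TAG_BITS = 128;
    private static final int IV_BYTES = 12;

    // Load the keystore from disk, or start an empty one if it does not exist yet.
    static KeyStore load() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        File f = new File(KS_PATH);
        if (f.exists()) {
            try (FileInputStream in = new FileInputStream(f)) { ks.load(in, KS_PASS); }
        } else {
            ks.load(null, null);
        }
        return ks;
    }

    // Generate a fresh AES-256 key and persist it under the given alias.
    static void addKey(String alias) throws Exception {
        KeyStore ks = load();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(KS_PASS));
        try (FileOutputStream out = new FileOutputStream(KS_PATH)) { ks.store(out, KS_PASS); }
    }

    // Fetch the AES key stored under an alias; fail loudly if it is missing or of the wrong type.
    static SecretKey key(String alias) throws Exception {
        KeyStore.Entry e = load().getEntry(alias, new KeyStore.PasswordProtection(KS_PASS));
        if (!(e instanceof KeyStore.SecretKeyEntry)) {
            throw new IllegalStateException("no AES secret key under alias " + alias);
        }
        return ((KeyStore.SecretKeyEntry) e).getSecretKey();
    }

    // Ciphertext layout (assumed): [1-byte alias length][alias][12-byte IV][GCM ciphertext + tag]
    static byte[] encrypt(String alias, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);            // fresh random nonce per message
        byte[] aliasBytes = alias.getBytes(StandardCharsets.US_ASCII);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(alias), new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(aliasBytes);                     // authenticate the key id alongside the data
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(1 + aliasBytes.length + IV_BYTES + ct.length)
                .put((byte) aliasBytes.length).put(aliasBytes).put(iv).put(ct).array();
    }

    // Read the alias back from the blob and decrypt with whichever key version wrote it.
    static byte[] decrypt(byte[] blob) throws Exception {
        ByteBuffer b = ByteBuffer.wrap(blob);
        byte[] aliasBytes = new byte[b.get() & 0xff];
        b.get(aliasBytes);
        byte[] iv = new byte[IV_BYTES];
        b.get(iv);
        byte[] ct = new byte[b.remaining()];
        b.get(ct);
        String alias = new String(aliasBytes, StandardCharsets.US_ASCII);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(alias), new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(aliasBytes);
        return c.doFinal(ct);                        // throws AEADBadTagException if tampered
    }

    public static void main(String[] args) throws Exception {
        addKey("platform-aes-v1");
        byte[] before = encrypt("platform-aes-v1",
                "record written before rotation".getBytes(StandardCharsets.UTF_8));
        addKey("platform-aes-v2");                   // rotation: new writes use v2, v1 kept for reads
        byte[] after = encrypt("platform-aes-v2",
                "record written after rotation".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(before), StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(after), StandardCharsets.UTF_8));
    }
}
```

Compile and run with `javac DevKeystoreDemo.java && java DevKeystoreDemo`; it writes `dev-keystore.p12` in the working directory. The design point is the alias prefix: rotation only adds keys and changes which alias new writes use, while decryption looks the key up by the alias embedded in the record, so old data never needs a bulk re-encrypt before the old key can be retired. Feeding the alias into GCM's additional authenticated data means an attacker cannot swap the prefix to force decryption under a different key. A file keystore like this is a convenience for development only; the password in source and the unprotected file are exactly what an external key management system removes in production.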