Question
Bank of Nova Scotia
CA
Last activity: 9 Oct 2020 7:06 EDT
Azure Repository - use of KeyVault and Private Endpoint Connections
I am working on a PoC to integrate Pega with an Azure Storage Account as a Repository. Based on default settings in Azure, I am able to integrate with my Azure Storage Account, and used a Blob Storage container. However, I understand these default settings in Azure may not meet security requirements of the bank. I am looking for assistance for the following two questions:
1. When I connected to my Azure Storage Account, I used the access key of the storage account. I copied the key from the Azure Portal and pasted that into an Authentication Profile for Azure. Can this key be stored in a Azure Key Vault, and reference that from the Authentication Profile? What will be the procedure for this?
2. I have set the Firewalls and Virtual Networks screen in the Azure Portal to allow access from All Networks. Is there any instruction in the Pega side set up so that I can use Private Endpoint Connections?
Pegasystems Inc.
US
1. I don't believe that is possible at least not OOTB. But you may want to explore the possibility of using OAuth2 in the auth profile instead of OOTB MS Azure...
2. Not aware of anything, I assume your bank requires Private Endpoint Connections?
De Volksbank
NL
Can you please try the below and let me know if it works for you?
1) Create data page to invoke the AKV oauth api and getsecret api to retrieve the account key from AKV and set the value to pyPassword.
2) Create a 'ABC' Page type property and refer the data page created in step 1
3) In the Account Key field on the authentication profile - Mention ABC.pyPassword instead of the hardcoded account key value.