We are trying to configure a KMS keystore (and eventually refer to it in the platform cipher for application data encryption). The Keystore rule form is not able to recognize the customer master key ID of the key that we create in an Azure Key Vault.
We tried to give the full identifier, just the key ID... either way it is throwing an error saying "Provide valid Customer master key ID". Any inputs on what the correct format should be, or if we are missing anything?
We created the KMS vault and key like above. From the Azure documentation link given above we did create a key like that, but Pega is not accepting the key identifier (http:/...../) or just the key (dfxxxxxxx) in Customer master key ID as a valid value.
Posted: 17 Mar 2022 10:54 EDT
Ryan Taylor (rwtaylor)
BPM-Pega Solution Architect
I confirmed with Pega there is a bug in 8.6.x that prevents saving this rule due to a mismatch in the nimbus-oauth-sdk jar. It should be resolved in 8.6.4, but as a workaround, importing nimbus-oauth-sdk jar version 6.18.1 into the Customer ruleset and restarting the system should resolve it. - https://mvnrepository.com/artifact/com.nimbusds/oauth2-oidc-sdk/6.18.1
In the logs I have an issue that it could not connect using the configured credentials. And honestly I am surprised it could work, because to get a token we should also provide a tenant ID, and there is no field to provide it to Pega.
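The two things the thread keeps circling back to are the shape of an Azure Key Vault key identifier (full `https://<vault>.vault.azure.net/keys/<name>/<version>` URL versus a bare key name) and the fact that the Azure AD client-credentials token request needs the tenant ID in its URL. The following is an added example, not code from this thread, from Pega or from Microsoft: it validates a key identifier the way a practitioner would before pasting it into a rule form, and shows where the tenant ID enters the token request. The vault/HSM host suffixes are those of the Azure public cloud; sovereign-cloud suffixes are not handled. The sample identifiers in the comments are constructed.

```python
"""Added example (not Pega's or Microsoft's code): validate an Azure Key Vault
key identifier and build the Azure AD client-credentials token request for it."""
import re
from urllib.parse import urlencode, urlparse

# Azure Key Vault key identifier (public cloud):
#   https://<vault-name>.vault.azure.net/keys/<key-name>/<key-version>
# Managed HSM uses <name>.managedhsm.azure.net. Vault names are 3-24 chars of
# letters, digits and hyphens; versions are 32 hex characters; version optional.
_VAULT_HOST = re.compile(r"^[a-z0-9-]{3,24}\.(vault|managedhsm)\.azure\.net$", re.I)
_KEY_NAME = re.compile(r"^[A-Za-z0-9-]{1,127}$")
_VERSION = re.compile(r"^[0-9a-f]{32}$", re.I)


def parse_key_vault_key_id(key_id: str) -> dict:
    """Return {'vault', 'key_name', 'version'} for a valid identifier.

    Raises ValueError with the specific reason otherwise, e.g. for a bare key
    name such as 'dfxxxxxxx' or an http:// URL (Key Vault is https only).
    """
    if "://" not in key_id:
        raise ValueError("expected the full https key identifier URL, not just the key name")
    u = urlparse(key_id)
    if u.scheme.lower() != "https":
        raise ValueError(f"scheme must be https, got {u.scheme!r}")
    host = u.hostname or ""
    if not _VAULT_HOST.match(host):
        raise ValueError(f"host {host!r} is not a Key Vault or Managed HSM host")
    parts = [p for p in u.path.split("/") if p]
    if len(parts) not in (2, 3) or parts[0] != "keys":
        raise ValueError("path must be /keys/<key-name>[/<key-version>]")
    name = parts[1]
    if not _KEY_NAME.match(name):
        raise ValueError(f"invalid key name {name!r}")
    version = parts[2] if len(parts) == 3 else None
    if version is not None and not _VERSION.match(version):
        raise ValueError(f"invalid key version {version!r} (expected 32 hex chars)")
    return {"vault": host.split(".")[0], "key_name": name, "version": version}


def rejection_reason(key_id: str):
    """None if key_id is acceptable, otherwise the validation error text."""
    try:
        parse_key_vault_key_id(key_id)
        return None
    except ValueError as e:
        return str(e)


def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """Client-credentials request that yields a Key Vault bearer token.

    The tenant ID is part of the token endpoint URL, which is why a KMS
    integration cannot authenticate to Azure AD with only client ID + secret.
    """
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://vault.azure.net/.default",
    })
    return url, body


if __name__ == "__main__":
    # Constructed sample identifiers, not real vaults or keys.
    for candidate in (
        "https://my-vault.vault.azure.net/keys/pega-cmk/0123456789abcdef0123456789abcdef",
        "http://my-vault.vault.azure.net/keys/pega-cmk",
        "dfxxxxxxx",
    ):
        print(candidate, "->", rejection_reason(candidate) or parse_key_vault_key_id(candidate))
    print(*token_request("00000000-0000-0000-0000-000000000000", "app-id", "secret"))
```

The validator deliberately reports why an identifier is rejected; a form that only says "Provide valid Customer master key ID" gives you nothing to act on, so run the value through a check like this first to rule out the common causes (bare key name, http rather than https, a trailing path segment that is not a 32-character version).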
Posted: 18 May 2022 10:31 EDT
Manoj Sarvepalli (MANOJPDN)
Import into the Pega environment (Configure → Application → Distribution → Import) and restart.
1. Create a static route in the VPN for the hosts (IP addresses) involved.
2. Create a private hosted zone for the hosts (IP addresses) involved and create a DNS mapping.
Note: we are then able to create and use the keystore, the connectivity test is successful, and we can use it with the above to encrypt certain properties.
Side note: however, we have seen during POC testing that if something goes wrong and the system is unable to access the key for encryption, this encryption scope goes beyond what we wanted (for example, if Pega can't connect, it affects email account passwords and listeners fail).