Key Rotation on Custom Cipher
How do we handle existing cases encrypted with the old key when we need to migrate to a new key?
Are there any OOTB functions?
@Anoop To handle existing cases encrypted with an old key during key rotation, maintain both old and new keys temporarily. Create a process to decrypt data using the old key and re-encrypt it with the new key, updating the records. Ensure new cases use only the new key for encryption. Use Pega Job Schedulers or Queue Processors to automate the re-encryption task without disrupting system performance. Leverage Pega’s pxDecrypt and pxEncrypt functions or integrate with external Key Management Systems (KMS) for secure key handling. Validate the re-encryption process to confirm all cases are updated and ensure the old key is retired once the migration is complete. Test the entire process in a lower environment and maintain detailed logs for audit and troubleshooting.
@Sairohith Thanks for your reply. The major problem is how do we encrypt and decrypt with specified keys. Are there any OOTB functions that take a key as a parameter?
@Anoop In Pega, there are no direct OOTB functions that allow you to specify a key as a parameter for encryption or decryption. However, you can achieve this by extending Pega's capabilities. You can create a custom Java function or activity using the java.security library to handle encryption and decryption with a specified key. Alternatively, integrate with an external Key Management System (KMS) like AWS KMS or Azure Key Vault to manage keys dynamically. While Pega’s pxEncrypt and pxDecrypt functions don't allow specifying a key directly, you can customize these rules or create new ones to pass the key parameter. For sensitive operations like this, ensure robust logging and security measures. Let me know if you have any questions. You can also open a Pega SR to cross-check on the same. Thanks.
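
An added example, not part of the thread and not Pega code: one way to write the custom Java function described above so that the key is an explicit parameter and old and new keys can coexist during migration. It uses the standard `javax.crypto` classes with AES-GCM and needs Java 9 or later. The class name, method names, key-id prefix format and sample value are assumptions for illustration, and real keys would come from a keystore or KMS rather than being generated in `main`.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class KeyRotationExample {
    // Stored format (assumed): Base64( keyId[4] | IV[12] | AES-GCM ciphertext+tag )
    static String encrypt(int keyId, SecretKey key, String plaintext) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                  // fresh IV for every encryption
        byte[] header = ByteBuffer.allocate(4).putInt(keyId).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(header);                               // authenticate the key id with the data
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        ByteBuffer out = ByteBuffer.allocate(16 + ct.length).put(header).put(iv).put(ct);
        return Base64.getEncoder().encodeToString(out.array());
    }

    static String decrypt(Map<Integer, SecretKey> keyring, String stored) throws Exception {
        ByteBuffer buf = ByteBuffer.wrap(Base64.getDecoder().decode(stored));
        int keyId = buf.getInt();                          // which key encrypted this value
        SecretKey key = keyring.get(keyId);
        if (key == null) throw new IllegalStateException("no key with id " + keyId);
        byte[] iv = new byte[12], ct = new byte[buf.remaining() - 12];
        buf.get(iv).get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(ByteBuffer.allocate(4).putInt(keyId).array());
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    // Re-encrypt one stored value under the current key; values already migrated are left unchanged.
    static String rotate(Map<Integer, SecretKey> keyring, int currentId, String stored) throws Exception {
        int keyId = ByteBuffer.wrap(Base64.getDecoder().decode(stored)).getInt();
        if (keyId == currentId) return stored;             // makes the batch job safe to re-run
        return encrypt(currentId, keyring.get(currentId), decrypt(keyring, stored));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        Map<Integer, SecretKey> keyring = Map.of(1, kg.generateKey(), 2, kg.generateKey()); // constructed keys
        String old = encrypt(1, keyring.get(1), "constructed sample field value");
        String migrated = rotate(keyring, 2, old);
        System.out.println(decrypt(keyring, migrated) + " | unchanged on re-run: " + migrated.equals(rotate(keyring, 2, migrated)));
    }
}
```

Because each stored value carries its key id, the old key can be removed from the keyring only after a scan confirms no record still has the old id.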