Question
Virtusa
US
Posted: Feb 3, 2022
Last activity: 2 May 2022 16:21 EDT
Closed
Solved
Platform cipher - Customer data key (CDK) cache management
As per the documentation (Ref: https://docs-previous.pega.com/security/85/encryption):
- Pega Platform creates an initial customer data key (CDK) based on the Customer master key (CMK) (configured in the KMS/KeyStore instance).
- The CDKs are stored in encrypted format in the Pega database. On node startup, KMS is called to decrypt the CDKs stored in the Pega database, using your master key.
- The Customer data key (CDK) is used by Pega Platform for the actual encryption and decryption.
We are looking for answers to the questions below. Please suggest.
- Is the generated Customer data key (CDK) stored in cache memory as well for quick access, or is it referred to each time from the database for data encryption/decryption?
- What is the duration (in minutes/hours/seconds) for which the Customer data key (CDK) is maintained in cache memory?
- What is the impact of the server restart with respect to the Customer data key (CDK) maintenance/initialization?
Thank you in advance.
Regards,
Abhinay
***Edited by Moderator Marije to add Product and Version***
***Edited by Moderator Marije to add Support Case Details***