Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Charan Teja Sri Rama (CharanTejaS1426)
Navy Federal Credit Union

Navy Federal Credit Union
US
CharanTejaS1426 Member since 2020 5 posts
Navy Federal Credit Union
Posted: Oct 20, 2020
Last activity: Dec 29, 2020
Posted: 20 Oct 2020 10:09 EDT
Last activity: 29 Dec 2020 16:07 EST
Closed

REST Service to update Keystore record (for updating FTP Private Key)

We are integrating with our Enterprise MFT (Managed File Transfer) tool to transfer the files from Azure BLOB (Pega's respository) to On-prem network folder(s). The Standard authentication method used in the integration process is UserID+Password+ClientKey (SSH private key).

Our Organization has policy of rotating SSH keys twice in a year and we are using unique key pair for each environment (DEV/INTG/STAGING/PERF/PROD). We are on Azure Cloud and our Cloud Security policy enforces to use unique key pair for each environment.

At present we have 15 Pega instances (supporting multiple Pega applications) where we need to update the keystore record manually by logging into each Pega instance, this is going to be more laborious work when the number of Pega instances increases.

REST service in Pega platform to update the Keystore record (associated with SSH private key) directly helps us a lot.

The REST service needs to accept file (private key) and keystore password (SSH pass phrase).

Please let me know if there are any alternative ways of automating this process.

***Edited by Moderator Marissa to update Content Type from Idea to Question***
To see attachments, please log in.
Pega Platform 8.4.2
Security
Financial Services
Lead System Architect

  • Raghavendra Peddabudi
Posted: 4 years ago
Updated: 3 years ago
Posted: 28 Oct 2020 7:41 EDT
Updated: 29 Dec 2020 16:06 EST
Eric Rietveld (Eric Rietveld) Principal System Architect
Pegasystems Inc.
NL

Instead of trying to automate the updating of keystores in Pega, you could investigate options for Pega to retrieve keystores externally at runtime.

For example if you're using Azure Key vault:

https://community.pega.com/knowledgebase/articles/security/85/configuring-microsoft-azure-key-vault-keystore

Or load keystores through a file or DataPage:

https://community.pega.com/knowledgebase/articles/security/85/keystores

 

To see attachments, please log in.
Posted: 3 years ago
Updated: 3 years ago
Posted: 29 Dec 2020 12:33 EST
Updated: 29 Dec 2020 16:06 EST
Charan Teja Sri Rama (CharanTejaS1426)
Navy Federal Credit Union

Navy Federal Credit Union
US

Hi Eric,

Thanks for responding to my question.

Currently, Pega supports Azure Key Vault integration at Application Encryption level only. It is not working in FTP rule.

It allows me to select the KeyStore rule (Azure KeyVault configuration) but it's not pulling the key at runtime.

 

Regarding the data page approach, for FTP to work the "KeyStore type" should be "KEY" but if I use data page as the source then it is not allowing me to select KeyStore type as KEY. The displayed values are "JKS, PKCS12 and JWK".

 

Please let us know if there are any other alternatives.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice