Question
Lloyds Banking Group PLC
GB
Last activity: 17 Jul 2019 10:51 EDT
Supported KMS from PEGA
v7.3.1
When I went through this link below a while ago for the capabilities supported for encryption, AWS KMS was the only supported KMS while a colleague of mine pointed out today that additional KMS support has been added now.
https://community.pega.com/knowledgebase/encryption-pega-platform
snippet from the link here -
The Keystore class allows you to implement a "bring your own key" (BYOK) approach to encryption of application and internal system data, where you control and manage the master key that is used by Pega Platform for encryption. Supported key management systems include Amazon Web Services Key Management Service (AWS KMS), HashiCorp Vault, Microsoft Azure Key Vault, and Google Cloud KMS. You can also use a data page to define custom access to any other external key management system.
Questions:
v7.3.1
When I went through this link below a while ago for the capabilities supported for encryption, AWS KMS was the only supported KMS while a colleague of mine pointed out today that additional KMS support has been added now.
https://community.pega.com/knowledgebase/encryption-pega-platform
snippet from the link here -
The Keystore class allows you to implement a "bring your own key" (BYOK) approach to encryption of application and internal system data, where you control and manage the master key that is used by Pega Platform for encryption. Supported key management systems include Amazon Web Services Key Management Service (AWS KMS), HashiCorp Vault, Microsoft Azure Key Vault, and Google Cloud KMS. You can also use a data page to define custom access to any other external key management system.
Questions:
1) From which version of PEGA can I now connect to the additional KMS other than AWS?
2) Is it only supported from a cloud system?
3) Also, the help document for 8.2 still suggests we can only use AWS KMS. Is this to be updated based on the details from the link above?
Accepted Solution
Pegasystems Inc.
US
The article in the OP is referring to Pega Platform 8.3, and was prematurely published. Prior to 8.3 we support AWS KMS and custom source, as described here: https://community.pega.com/sites/default/files/help_v82/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-keystore/creating-a-data-page-for-a-master-key-from-a-custom-source-tsk.htm
I will look into backing out that part of the article until after 8.3 has been released.
Pegasystems Inc.
US
Not be taken as official answer, but I have checked internal environments and here are my observation:
1) From which version of PEGA can I now connect to the additional KMS other than AWS?
I can only see support of other KMS from the upcoming 8.3+ ( yet to be released but should be soon)
2) Is it only supported from a cloud system?
Should be available for all pegacloud or on-prem.
Not be taken as official answer, but I have checked internal environments and here are my observation:
1) From which version of PEGA can I now connect to the additional KMS other than AWS?
I can only see support of other KMS from the upcoming 8.3+ ( yet to be released but should be soon)
2) Is it only supported from a cloud system?
Should be available for all pegacloud or on-prem.
3) Also, the help document for 8.2 still suggests we can only use AWS KMS. Is this to be updated based on the details from the link above?
In 8.2, I can only see AWS KMS support.
Lloyds Banking Group PLC
GB
Thank you for your response. Appreciate it.
Is there any way this can be officially confirmed other than waiting for 8.3 to be released?
Also it is a bit mis-leading in that the link I provided above is still only tagged against 7.3.1 (article updated as recently as June 2019) but if the extra KMS support is not applicable for 7.3.1, then it might be better to be called out explicitly.
Pegasystems Inc.
IN
Hello!
We cannot confirm this officially on our community. Release schedules are internal to Pega.
Thank you for the feedback on the article. We will reach out to the Documentation team with this feedback.
Regards,
Lloyds Banking Group PLC
GB
Also can see these topic available under the above link but cannot be accessed by me nor any of my colleagues so assuming this is still not available to the general public? :)
https://community.pega.com/knowledgebase/creating-keystore-instance-external-key-management-service
Accepted Solution
Pegasystems Inc.
US
The article in the OP is referring to Pega Platform 8.3, and was prematurely published. Prior to 8.3 we support AWS KMS and custom source, as described here: https://community.pega.com/sites/default/files/help_v82/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-keystore/creating-a-data-page-for-a-master-key-from-a-custom-source-tsk.htm
I will look into backing out that part of the article until after 8.3 has been released.
Lloyds Banking Group PLC
GB
Thank you. Just to summarize, AWS KMS is the only supported key store for PEGA at this moment. The details in the article are related to an upcoming release potentially?
[Edited] Apologies, didn't refresh my page when I posted this message so missed the response above. Thank you for confirming the details