During initial startup, PingAccess automatically generates a randomized master key, which by default is not encrypted. If you are running in Amazon Web Services (AWS), you can configure PingAccess to use Amazon Key Management Services (KMS) to encrypt the master key.
- Make sure that you have an active connection to AWS.
- Use AWS KMS to generate a key to use for the PingAccess master key encryption.
Note:
For more information about managing access rights to your keys using key policies or AWS Identity and Access Management (IAM), see AWS Key Management Service.
To configure the encryption of the PingAccess master key, modify the pa.jwk.properties file found in <PA_HOME>/conf.