When using embedded PDP mode, policy configuration keys are stored in the PingAuthorize Server configuration, and the server provides the policy configuration key values to the policy engine at runtime. This allows the Trust Framework to refer to data such as hostnames and credentials without needing those values to be hard-coded in the Trust Framework.


Policy configuration key values are stored in encrypted form in the PingAuthorize Server configuration, so they are suitable for storing sensitive values such as server credentials.

Use dsconfig or the administrative console to define policy configuration keys. If using the administrative console, you can find policy configuration keys in the Policy Decision Service configuration.

The following example shows how to create a policy configuration key named ConsentServiceBaseUri with the value https://example.com/consent/v1.

dsconfig create-policy-configuration-key \
 --key-name ConsentServiceBaseUri \
 --set policy-configuration-value:https://example.com/consent/v1

To learn how to use a policy configuration key in the Trust Framework, see Environment-specific Trust Framework attributes.