The policy engine supports the use of policy information providers (PIPs) to dynamically retrieve data from external services at runtime. In these cases, the policy engine can use a client certificate contained in a Java KeyStore (JKS) or PKCS12 key store.
When using embedded PDP mode, the key store containing the client certificate is represented in the PingDataGovernance Server configuration as a Key Manager Provider, which is then assigned to the Policy Decision Service.
The following example creates a Key Manager Provider named
MyClientCertKeystore and makes it available to the policy
    dsconfig create-key-manager-provider \
      --provider-name MyClientCertKeystore \
      --type file-based \
      --set enabled:true \
      --set key-store-file:<full path to a key store> \
      --set key-store-type:JKS \
      --set key-store-pin:<key store password>

    dsconfig set-policy-decision-service-prop \
      --set service-key-store:MyClientCertKeystore
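A pre-flight check that can be run on the file named in `key-store-file` before creating the Key Manager Provider, given here as an added example that is not part of the original page or of PingDataGovernance. It confirms that the file matches the declared `key-store-type` and, for JKS, that it holds at least one private-key entry, which a client certificate needs. The function names are hypothetical, and PKCS12 files are only recognized by their leading DER byte, not parsed.

```python
import struct
JKS_MAGIC, PRIVATE_KEY, TRUSTED_CERT = 0xFEEDFEED, 1, 2

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated key store")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u32(self):
        return struct.unpack(">I", self.take(4))[0]
    def utf(self):  # Java writeUTF: 2-byte length prefix, then the bytes
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8", "replace")
    def skip_cert(self, version):
        if version == 2:
            self.utf()             # certificate type string, e.g. "X.509"
        self.take(self.u32())      # encoded certificate

def inspect_keystore(data):
    """Return (store_type, private_key_aliases, trusted_cert_aliases)."""
    if data[:1] == b"\x30":        # DER SEQUENCE: treated as PKCS12, not parsed
        return "PKCS12", None, None
    r = Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS or PKCS12 key store")
    version = r.u32()
    if version not in (1, 2):
        raise ValueError(f"unsupported JKS version {version}")
    keys, certs = [], []
    for _ in range(r.u32()):
        tag, alias = r.u32(), r.utf()
        r.take(8)                  # creation timestamp
        if tag == PRIVATE_KEY:
            r.take(r.u32())        # password-protected private key blob
            for _ in range(r.u32()):
                r.skip_cert(version)
            keys.append(alias)
        elif tag == TRUSTED_CERT:
            r.skip_cert(version)
            certs.append(alias)
        else:
            raise ValueError(f"unknown entry tag {tag}")
    return "JKS", keys, certs

def usable_for_client_cert(data, declared_type="JKS"):
    """True if the file matches key-store-type and, for JKS, holds a private key."""
    store_type, keys, _ = inspect_keystore(data)
    return store_type == declared_type and (keys is None or bool(keys))
```

A JKS file that contains only trusted-certificate entries (a trust store) fails the check, because it has no private key to present as a client certificate.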
you define the PIP in the Trust Framework, you can refer to the key store that you
configured, using the name