Page created: 12 Sep 2019 | Page updated: 19 Mar 2020
During initial startup, PingFederate automatically generates a randomized master
key, which by default is not encrypted. If you are running in AWS, you can configure
PingFederate to use Amazon Key Management Services (KMS) to encrypt the master
key.
- Make sure that you have an active connection to AWS.
- Use AWS KMS to generate a key to use for the PingFederate master key encryption.
- Refer to https://docs.aws.amazon.com/kms/latest/developerguide/overview.html for general information about how you can manage access rights to your keys using key policies or AWS Identity and Access Management (IAM).
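One way to check the key policy on the KMS key before pointing PingFederate at it, shown as an added example that is not part of the PingFederate or AWS documentation. The role ARN, the account ID, the sample policies, and the set of actions the PingFederate node needs are all assumptions made for illustration.

```python
# Added example: audit a KMS key policy for the key that will encrypt the
# PingFederate master key. Assumption (not from the PingFederate docs): the
# node's role only needs the actions listed in RUNTIME_ACTIONS.
RUNTIME_ACTIONS = {"kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _aws_principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))

def audit_key_policy(policy, runtime_role_arn):
    """Return findings (strings) for Allow statements broader than needed."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principals = _aws_principals(stmt)
        actions = set(_as_list(stmt.get("Action", [])))
        # "*" as principal without a Condition opens the key to every AWS identity.
        if "*" in principals and "Condition" not in stmt:
            findings.append(f"{sid}: key usable by any AWS principal")
        # The node's role should hold only the actions it needs at run time.
        if runtime_role_arn in principals:
            extra = sorted(actions - RUNTIME_ACTIONS)
            if extra:
                findings.append(f"{sid}: runtime role granted {extra}")
    return findings

# Constructed sample data (hypothetical account ID and role name).
ROLE = "arn:aws:iam::111122223333:role/pingfederate-node"
ROOT = {"Sid": "EnableIAM", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*", "Resource": "*"}
LOOSE = {"Version": "2012-10-17", "Statement": [ROOT,
    {"Sid": "Node", "Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "Open", "Effect": "Allow", "Principal": "*",
     "Action": "kms:Decrypt", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [ROOT,
    {"Sid": "Node", "Effect": "Allow", "Principal": {"AWS": ROLE},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("LOOSE", LOOSE), ("SCOPED", SCOPED)):
        print(name, audit_key_policy(pol, ROLE))
```

The account-root statement is left unflagged because it only delegates access decisions to IAM; review the IAM policies attached to the node's role separately.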
To configure the encryption of the PingFederate master key, modify two files: hivemodule.xml and com.pingidentity.crypto.jwk.MasterKeySet.xml.