Pega Platform creates an initial customer data key (CDK) based on the Customer master key (CMK) (configured in the KMS/KeyStore instance).
The CDKs are stored in encrypted format in the Pega database. On node start up, KMS is called to decrypt the CDKs stored in the Pega database, using your master key.
The Customer data key (CDK) is used by Pega Platform for the actual encryption and decryption.
We are looking for answers to the questions below. Please suggest.
Is the generated Customer data key (CDK) also stored in cache memory for quick access, or is it read from the database each time for data encryption/decryption?
What is the duration (in minutes/hours/seconds) for which the Customer data key (CDK) is maintained in cache memory?
What is the impact of the server restart with respect to the Customer data key (CDK) maintenance/initialization?
1. Is the generated Customer data key (CDK) also stored in cache memory for quick access, or is it read from the database each time for data encryption/decryption?
Ans: CDKs are cached in encrypted form to avoid frequent DB access.
2. What is the duration (in minutes/hours/seconds) for which the Customer data key (CDK) is maintained in cache memory?
Ans: We are using a size-based cache eviction policy, so old cache entries will be removed once the cache is full.
3. What is the impact of the server restart with respect to the Customer data key (CDK) maintenance/initialization?
Ans: The server restart clears the CDK cache. CDKs will be loaded to the cache on demand. The CDK cache does not face any issue with a server restart.
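The behaviour described in the three answers, modelled as an added example that is not Pega code and not part of the original posts: a size-bounded cache that holds only wrapped CDKs, loads them from the database on demand, and starts empty after a restart. Assumptions: `StubKms`, `CdkCache`, `get_plain_cdk` and the key ids are hypothetical names, the XOR keystream is a constructed stand-in for the real KMS call (not a real cipher), eviction drops the oldest-inserted entry, and unwrapping on every lookup is a simplification.

```python
import hashlib, hmac, os
from collections import OrderedDict

class StubKms:
    """Constructed stand-in for a KMS holding the CMK; not a real cipher."""
    def __init__(self):
        self._cmk = os.urandom(32)
    def _stream(self, nonce, n):
        return hmac.new(self._cmk, nonce, hashlib.sha256).digest()[:n]
    def wrap(self, cdk):
        nonce = os.urandom(16)
        return nonce + bytes(a ^ b for a, b in zip(cdk, self._stream(nonce, len(cdk))))
    def unwrap(self, blob):
        nonce, body = blob[:16], blob[16:]
        return bytes(a ^ b for a, b in zip(body, self._stream(nonce, len(body))))

class CdkCache:
    """Size-bounded cache of wrapped CDKs, filled on demand from the database."""
    def __init__(self, db, kms, max_entries):
        self.db, self.kms, self.max_entries = db, kms, max_entries
        self.entries = OrderedDict()   # key id -> wrapped CDK (never plaintext)
        self.db_reads = 0
    def get_plain_cdk(self, key_id):
        wrapped = self.entries.get(key_id)
        if wrapped is None:                       # miss: load from DB on demand
            wrapped = self.db[key_id]
            self.db_reads += 1
            if len(self.entries) >= self.max_entries:
                self.entries.popitem(last=False)  # cache full: drop oldest entry
            self.entries[key_id] = wrapped
        return self.kms.unwrap(wrapped)

def demo():
    kms = StubKms()
    plain = {f"cdk-{i}": os.urandom(32) for i in range(3)}  # constructed keys
    db = {k: kms.wrap(v) for k, v in plain.items()}         # DB holds wrapped CDKs
    cache = CdkCache(db, kms, max_entries=2)
    for kid in ("cdk-0", "cdk-0", "cdk-1", "cdk-2", "cdk-0"):
        assert cache.get_plain_cdk(kid) == plain[kid]
    reads_before = cache.db_reads   # three first loads plus one reload after eviction
    cache = CdkCache(db, kms, max_entries=2)  # "restart": a new, empty cache
    ok = cache.get_plain_cdk("cdk-1") == plain["cdk-1"]
    return reads_before, cache.db_reads, ok
```

With no time-based expiry in this model, an entry stays cached until the size limit pushes it out or the process restarts, and an evicted or post-restart key costs one extra database read rather than a failure.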