Re: Review Request 69985: RANGER-2331 : Ranger-KMS - KeySecure HSM Integration

Wed, 20 Feb 2019 22:31:37 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69985/
-----------------------------------------------------------

(Updated Feb. 21, 2019, 6:30 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2331
    https://issues.apache.org/jira/browse/RANGER-2331


Repository: ranger


Description
-------

User story: As a security admin, I want to manage encryption keys for securing 
my Hadoop cluster files in Ranger KMS service with Safenet KeySecure crypto 
platform.


For Safenet KeySecure overview refer to: 
https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/


Acceptance Criteria:


1) Ranger KMS has ability to configure Safenet KeySecure platform to be used 
for key offload


2) Ranger KMS provides ability to provide key management functions (create 
keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform


3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure 
platform


Diffs (updated)
-----

  kms/config/kms-webapp/dbks-site.xml 0e0f2ec 
  kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION 
  kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION 
  kms/scripts/install.properties ddc779d 
  kms/scripts/setup.sh 2db05b8 
  kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f 
  kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
267fcf0 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 
PRE-CREATION 
  src/main/assembly/kms.xml fca6a32 


Diff: https://reviews.apache.org/r/69985/diff/3/

Changes: https://reviews.apache.org/r/69985/diff/2-3/


Testing
-------

Verified below scenario:


1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol)
2) DB to Key Secure (NAE-XML) master key Migration utility
3) Key Secure (NAE-XML) to DB master key Migration utility


Thanks,

Gautam Borad

Reply via email to