[
https://issues.apache.org/jira/browse/RANGER-723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Rao updated RANGER-723:
-----------------------------
Description:
Integrate Ranger KMS with CloudHSM to manage master keys.
Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store
the master key.
This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
It would be nice if we can use CloudHSM instead of using
"KMS_MASTER_KEY_PASSWD" to encrypt the master key.
This will add an extra layer in the Key Hierarchy.
Attached is the high-level architecture of the current Hadoop KMS and the
proposed change to integrate with CloudHSM.
was:
Integrate Ranger KMS with CloudHSM to manage master keys.
Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store
the master key.
This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
It would be nice if we can use CloudHSM instead of using
"KMS_MASTER_KEY_PASSWD" to encrypt the master key.
This will add an extra layer in the Key Hierarchy.
> Ranger-KMS – CloudHSM Integration
> ---------------------------------
>
> Key: RANGER-723
> URL: https://issues.apache.org/jira/browse/RANGER-723
> Project: Ranger
> Issue Type: New Feature
> Components: kms, Ranger
> Affects Versions: 0.5.0
> Reporter: Varun Rao
> Assignee: Varun Rao
> Priority: Minor
> Attachments: Hadoop KMS.png, Ranger KMS - CloudHSM integration.png
>
>
> Integrate Ranger KMS with CloudHSM to manage master keys.
> Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store
> the master key.
> This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
> It would be nice if we can use CloudHSM instead of using
> "KMS_MASTER_KEY_PASSWD" to encrypt the master key.
> This will add an extra layer in the Key Hierarchy.
> Attached is the high-level architecture of the current Hadoop KMS and the
> proposed change to integrate with CloudHSM.