Integrate Ranger KMS with CloudHSM to manage master keys. Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store the master key. This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
It would be nice if we can use CloudHSM instead of using "KMS_MASTER_KEY_PASSWD" to encrypt the master key. This will add an extra layer in the Key Hierarchy. Attached is the high level architecture of the current Hadoop KMS and the proposed change to integrate with CloudHSM. https://issues.apache.org/jira/browse/RANGER-723 Varun Rao Accenture Analytics Email: [email protected]<mailto:[email protected]> ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com
