[ https://issues.apache.org/jira/browse/RANGER-723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15023151#comment-15023151 ]
MB commented on RANGER-723:
---------------------------
Or better yet, swap in support for KMIP, which in turn lets the customer choose
the KMS that is the best fit for their overall security needs...
> Ranger-KMS – CloudHSM Integration
> ---------------------------------
>
> Key: RANGER-723
> URL: https://issues.apache.org/jira/browse/RANGER-723
> Project: Ranger
> Issue Type: New Feature
> Components: kms, Ranger
> Affects Versions: 0.5.0
> Reporter: Varun Rao
> Assignee: Varun Rao
> Priority: Minor
> Attachments: Hadoop KMS.png, Ranger KMS - CloudHSM integration.png
>
>
> Integrate Ranger KMS with CloudHSM to manage master keys.
> Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store
> the master key.
> This master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
> It would be nice if we can use CloudHSM instead of using
> "KMS_MASTER_KEY_PASSWD" to encrypt the master key.
> This will add an extra layer in the Key Hierarchy.
> Attached is the high level architecture of the current Hadoop KMS and the
> proposed change to integrate with CloudHSM.