Description
Integrate Ranger KMS with CloudHSM to manage master keys.
Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store the master key.
This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".
It would be nice if we can use CloudHSM instead of using "KMS_MASTER_KEY_PASSWD" to encrypt the master key.
This will add an extra layer in the Key Hierarchy.
Attached is the high level architecture of the current Hadoop KMS and the proposed change to integrate with CloudHSM.