[RANGER-723] Ranger-KMS – CloudHSM Integration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 0.5.0
Fix Version/s: None
Component/s: kms, Ranger
Labels:
None

Description

Integrate Ranger KMS with CloudHSM to manage master keys.

Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store the master key.
This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD".

It would be nice if we can use CloudHSM instead of using "KMS_MASTER_KEY_PASSWD" to encrypt the master key.

This will add an extra layer in the Key Hierarchy.

Attached is the high level architecture of the current Hadoop KMS and the proposed change to integrate with CloudHSM.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Hadoop KMS.png
05/Nov/15 23:22
33 kB
Varun Rao
Ranger KMS - CloudHSM integration.png
05/Nov/15 23:23
40 kB
Varun Rao

Activity

People

Assignee:: Varun Rao

Reporter:: Varun Rao

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 05/Nov/15 23:20

Updated:: 24/Nov/15 21:47