Explorer
Posts: 17
Registered: ‎04-07-2015

Need specific info on the KMS Server

I have applied encryption to my directories at rest with the help of Hadoop KMS. With the help of the hadoop key and hdfs crypto commands, I am able to create keys, zones, etc. I need clarification and documentation on the below.

How to un-encrypt a file or directory?
After creating keys, where will they be stored?
Is there any way we can take a backup of keys?
How to restore keys after deleting keys?
After deleting existing keys, is there any way we can use the backup keys to replace the existing keys, if a restore mechanism is in place?

Thanks, Ravi.

Explorer
Posts: 17
Registered: ‎04-07-2015

Re: Need specific info on the KMS Server

Any update on this?


@MyCluster wrote:

I have applied encryption to my directories at rest with the help of Hadoop KMS. With the help of the hadoop key and hdfs crypto commands, I am able to create keys, zones, etc. I need clarification and documentation on the below. How to un-encrypt a file or directory? After creating keys, where will they be stored? Is there any way we can take a backup of keys? How to restore keys after deleting keys? After deleting existing keys, is there any way we can use the backup keys to replace the existing keys, if a restore mechanism is in place? Thanks, Ravi.



Cloudera Employee
Posts: 48
Registered: ‎08-16-2016

Re: Need specific info on the KMS Server

I have applied encryption to my directories at rest with the help of Hadoop KMS. With the help of the hadoop key and hdfs crypto commands, I am able to create keys, zones, etc.

Need clarification and documentation on the below. How to un-encrypt a file or directory?

You will basically need to move the file out of the encryption zone to un-encrypt the files and directories. An easy option is distcp.

After creating keys, where will they be stored?

If you are using the Java KMS, there will be a Java keystore in which the keys are present.

Is there any way we can take a backup of keys?

You can back up the file.


How to restore keys after deleting keys? After deleting existing keys, is there any way we can use the backup keys to replace the existing keys, if a restore mechanism is in place? Thanks, Ravi.

The best way is to replace the keystore back into its place.

All of the above answers refer to the Java Keystore; if you are using Cloudera's KMS, then let me know.
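
One way to script the backup and restore described in the answer above, as an added example that is not part of the original reply: it copies a file-based Java keystore with owner-only permissions, records a SHA-256 digest beside the copy, and refuses to restore a copy whose digest no longer matches. The function names and all paths are assumptions, and it assumes the KMS is stopped while a restore runs.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): back up / restore a file-based KMS keystore.
# Paths are supplied by the caller; nothing here is a path given on this page.

# backup_keystore KEYSTORE BACKUP_DIR  -> prints the path of the new backup
backup_keystore() {
    local src=$1 dir=$2
    [ -f "$src" ] || { echo "keystore not found: $src" >&2; return 1; }
    (   # subshell: the restrictive umask does not leak to the caller
        umask 077
        mkdir -p "$dir" || exit 1
        name="$(basename "$src").$(date -u +%Y%m%dT%H%M%SZ).$$"
        [ ! -e "$dir/$name" ] || { echo "backup exists: $dir/$name" >&2; exit 1; }
        cp "$src" "$dir/$name" && chmod 600 "$dir/$name" || exit 1
        # Digest is stored with a relative name so the pair can be moved together.
        ( cd "$dir" && sha256sum "$name" > "$name.sha256" ) || exit 1
        echo "$dir/$name"
    )
}

# verify_backup BACKUP  -> exit 0 only if the copy still matches its digest
verify_backup() {
    local bak=$1
    [ -f "$bak" ] && [ -f "$bak.sha256" ] || return 1
    ( cd "$(dirname "$bak")" &&
      sha256sum -c "$(basename "$bak").sha256" >/dev/null 2>&1 )
}

# restore_keystore BACKUP TARGET  -> puts a verified backup back into place
restore_keystore() {
    local bak=$1 target=$2 tmp
    verify_backup "$bak" || { echo "integrity check failed: $bak" >&2; return 1; }
    # Keep the keystore currently in place instead of overwriting it.
    if [ -e "$target" ]; then
        mv "$target" "$target.pre-restore.$(date -u +%Y%m%dT%H%M%SZ)" || return 1
    fi
    tmp="$target.tmp.$$"
    # Copy to a temp name first so the target never exists half-written.
    ( umask 077; cp "$bak" "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$target" )
}

# Example (hypothetical paths):
#   bak=$(backup_keystore /path/to/kms.keystore /secure/backups)
#   restore_keystore "$bak" /path/to/kms.keystore
```

A restored keystore is only usable with the keystore password it was created with, so that password has to be kept as carefully as the backup, and separately from it.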

