Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

BYOK (Bring Your Own Key)

BYOK (Bring Your Own Key)

New Contributor

Hi guys,

   I'm trying to understand encryptions options on HDFS, and seems that HDFS Transparent Encryption is a good option.

My question is: there is a way to use my own key (BYOK) for the encryption?

There is anyone with the same problem?

 

Many Thanks

Alessandro

1 REPLY 1
Highlighted

Re: BYOK (Bring Your Own Key)

Cloudera Employee

Hello @hammer75, currently no document suggests the use of BYOK as a backing Keystore. 

 

Cloudera offers the following two options for enterprise-grade key management:

Ref: https://docs.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hdfs_encryption.html#concept... 

 

So HDFS Data At Rest Encryption wizard in Cloudera Manager offers below 4 roots of trust for encryption keys:

  • Cloudera Navigator Key Trustee Server
  • Navigator HSM KMS backed by Thales HSM
  • Navigator HSM KMS backed by Luna HSM
  • A file-based password-protected Java KeyStore (not for Prod env)
Don't have an account?
Coming from Hortonworks? Activate your account here