BYOK (Bring Your Own Key)

New Contributor

Hi guys,

I'm trying to understand encryption options on HDFS, and it seems that HDFS Transparent Encryption is a good option.

My question is: is there a way to use my own key (BYOK) for the encryption?

Is there anyone with the same problem?

Many Thanks

Alessandro

1 REPLY

Expert Contributor

Hello @hammer75, currently no document suggests the use of BYOK as a backing Keystore. 

 

Cloudera offers the following two options for enterprise-grade key management:

Ref: https://docs.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hdfs_encryption.html#concept... 

 

So the HDFS Data At Rest Encryption wizard in Cloudera Manager offers the following 4 roots of trust for encryption keys:

  • Cloudera Navigator Key Trustee Server
  • Navigator HSM KMS backed by Thales HSM
  • Navigator HSM KMS backed by Luna HSM
  • A file-based password-protected Java KeyStore (not for Prod env)