BYOK (Bring Your Own Key)


Hi guys,

I'm trying to understand encryption options on HDFS, and it seems that HDFS Transparent Encryption is a good option.

My question is: is there a way to use my own key (BYOK) for the encryption?

Is there anyone with the same problem?

 

Many Thanks

Alessandro


Re: BYOK (Bring Your Own Key)

Hello @hammer75, currently no document suggests the use of BYOK as a backing Keystore. 

 

Cloudera offers the following two options for enterprise-grade key management:

Ref: https://docs.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hdfs_encryption.html#concept... 

 

So the HDFS Data At Rest Encryption wizard in Cloudera Manager offers the below 4 roots of trust for encryption keys:

  • Cloudera Navigator Key Trustee Server
  • Navigator HSM KMS backed by Thales HSM
  • Navigator HSM KMS backed by Luna HSM
  • A file-based password-protected Java KeyStore (not for Prod env)