Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

Solved Go to solution
Highlighted

Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

Can I use Voltage or Safenet / Key Secure as the Key Management Solution for the Encrypted Zone Keys needed for Transparent Data Encryption.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

4 REPLIES 4

Re: Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

Re: Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

Re: Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

Re: Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

New Contributor
Don't have an account?
Coming from Hortonworks? Activate your account here