Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

avatar

Can I use Voltage or Safenet / Key Secure as the Key Management Solution for the Encrypted Zone Keys needed for Transparent Data Encryption.

1 ACCEPTED SOLUTION

avatar

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

View solution in original post

4 REPLIES 4

avatar

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

avatar
Master Mentor

avatar
Master Mentor

avatar
New Contributor