
KMS contents


What information is stored in KMS? Is it only the keys for the encryption zones (and their versions in case of rolled keys)?

Will KMS also contain the DEK for each file stored under the encryption zone?


Re: KMS contents

@Greenhorn Techie

Full details on Ranger KMS are found here: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.0/bk_Ranger_KMS_Admin_Guide/content/ch_ranger...

The information stored in the KMS is summarized in the UI:

[Screenshot: 10505-screen-shot-2016-12-19-at-44947-pm.png]

The version is incremented each time a key is rolled over.

Regarding the DEK, an encrypted DEK for each encrypted file is stored in the NameNode metadata and not in Ranger.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_hdfs_admin_tools/content/hdfs-encryption...
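Added example, not part of the original thread and not Ranger or HDFS code: a small Python model of the split described in the reply, where the KMS holds only encryption zone key versions and the NameNode holds one encrypted DEK per file. The class names, the key name `zone1_key`, the file paths and the HMAC-based wrap (a stand-in for AES) are assumptions made for illustration.

```python
import hashlib, hmac, os

def _wrap(key, iv, data):
    # Stand-in for the AES/CTR wrap a real KMS uses (stdlib has no AES):
    # XOR with an HMAC-SHA256 keystream, so wrap and unwrap are the same call.
    stream = hmac.new(key, iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Kms:
    """Holds only encryption zone (EZ) key versions, never per-file state."""
    def __init__(self):
        self.versions = {}  # "name@N" -> EZ key material
        self.latest = {}    # name -> newest version number

    def create_or_roll(self, name):
        n = self.latest.get(name, -1) + 1  # version increments on each roll
        self.latest[name] = n
        self.versions[f"{name}@{n}"] = os.urandom(32)
        return f"{name}@{n}"

    def generate_edek(self, name):
        version = f"{name}@{self.latest[name]}"
        iv, dek = os.urandom(16), os.urandom(32)
        # Only the wrapped DEK leaves the KMS; nothing about it is kept here.
        return {"ez_key_version": version, "iv": iv,
                "edek": _wrap(self.versions[version], iv, dek)}

    def decrypt_edek(self, info):
        return _wrap(self.versions[info["ez_key_version"]], info["iv"], info["edek"])

class NameNode:
    """Keeps one encrypted DEK (EDEK) per file in its metadata."""
    def __init__(self, kms):
        self.kms, self.file_meta = kms, {}
    def create_file(self, path, ez_key):
        self.file_meta[path] = self.kms.generate_edek(ez_key)
        return self.file_meta[path]

def demo():
    kms = Kms()
    nn = NameNode(kms)
    kms.create_or_roll("zone1_key")                   # constructed key name
    a = nn.create_file("/secure/a.txt", "zone1_key")  # constructed paths
    dek_a = kms.decrypt_edek(a)
    kms.create_or_roll("zone1_key")                   # roll: zone1_key@1
    b = nn.create_file("/secure/b.txt", "zone1_key")
    return {"kms_keys": sorted(kms.versions), "a": a["ez_key_version"],
            "b": b["ez_key_version"], "a_readable": kms.decrypt_edek(a) == dek_a,
            "edeks": len(nn.file_meta)}
```

In this model the file created before the roll still unwraps with `zone1_key@0`, which is why the KMS has to retain old key versions after a rollover.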