What information is stored in KMS? Is it only the keys for the encryption zones (and their versions in case of rolled-keys)?
Will KMS also contain the DEK for each file stored under the encryption zone?
Full details on Ranger KMS are found here: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.0/bk_Ranger_KMS_Admin_Guide/content/ch_ranger...
The information stored in the KMS is summarized in the UI:
The version is incremented each time a key is rolled over.
Regarding DEK, an encrypted DEK for each encrypted file is stored in the namenode metadata and not in Ranger.