Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Need specific info on the KMS Server

Need specific info on the KMS Server

Explorer

I have applied encryption to my directroeis at rest with help of Hadoop KMS. With help of Hadoop key and hdfs crypto commands, I can able to create keys, zones, ...etc. Need clarification and documentation on below. How to un-encrypt a file or directory? After Creating Keys, where it will store? Is there any way we can take backup of keys? How to restore keys after delete keys? After delete existing keys' is there any way can we use the backup keys to replace with existing keys? If restore mechanism in place. Thanks Ravi.    

2 REPLIES 2

Re: Need specific info on the KMS Server

Explorer

Any update on this?


@MyCluster wrote:

I have applied encryption to my directroeis at rest with help of Hadoop KMS. With help of Hadoop key and hdfs crypto commands, I can able to create keys, zones, ...etc. Need clarification and documentation on below. How to un-encrypt a file or directory? After Creating Keys, where it will store? Is there any way we can take backup of keys? How to restore keys after delete keys? After delete existing keys' is there any way can we use the backup keys to replace with existing keys? If restore mechanism in place. Thanks Ravi.    


 

Re: Need specific info on the KMS Server

Rising Star

I have applied encryption to my directroeis at rest with help of Hadoop KMS. With help of Hadoop key and hdfs crypto commands, I can able to create keys, zones, ...etc.

 

Need clarification and documentation on below. How to un-encrypt a file or directory?

You will basically need to move the file out of the encryption zone to un encrypt the files and directory. An easy option is distcp.

 

After Creating Keys, where it will store?

If you are using java KMS there will be a java keystore which has the keys present in.

 

Is there any way we can take backup of keys?

You can backup the file.

 

How to restore keys after delete keys? After delete existing keys' is there any way can we use the backup keys to replace with existing keys? If restore mechanism in place. Thanks Ravi.    

The best way is to replace the keystore back into its place.

 

All above answers are mentioned with Java Keystore, if you are using Cloudera's KMS then let me know.