I have a couple of questions about kms. I went through this article Transparent Data Encryption Explained . We are using HDP 2.6.5 with Ranger and Ranger KMS 0.7. We use postgres as a backend db for keys.
1. As far as I understand only DEK and Master Key are stored in postgres db, correct?
2. I deploy the cluster within Ambari blueprints . How can I verify that master key has been deployed/hashed in a proper way?
3. In terms of backup, do we have to backup either EDEK, EZK keys and postgres db? Or is postgresdb enough?