I have a Java client that talks to two different HDP clusters (one for reading data and the other to write data). I have currently successfully setup Ranger KMS on one of my clusters and I am able to successfully read/write data from my Java client into an encrypted zone in my cluster. Apart from setting the right policies in KMS, all I had to do was update the hdfs-site.xml and core-site.xml to point to my KMS instance. E.g of my hdfs-site.xml changes: <property> <name>dfs.encrypt.data.transfer.cipher.suites</name> < value >AES/CTR/NoPadding</ value > </ property > < property > < name >dfs.encryption.key.provider.uri</ name > < value >kms://http@< KMS_FQDN >:9292/kms</ value > </ property > However, I want to eventually setup Ranger KMS on both my clusters. Once I do that, my Java client would have to read files from one encrypted zone in cluster #1 and write data to another encrypted zone in cluster #2. They will both be managed as separate KMS instances. How would I set this up? Would I have to include two separate properties in my hdfs-site and core-site? or would the dfs.encryption.key.provider.uri property support a comma separated list of KMS hosts from 2 separate clusters? E.g: < property > < name >dfs.encryption.key.provider.uri</ name > < value >kms://http@<CLUSTER_1_ KMS_FQDN >; <CLUSTER_2_ KMS_FQDN > :9292/kms</ value > </ property > Could someone please help? Thanks, Amit ... View more