Migrate HSM to Ranger DB
Steps
If running, stop the Ranger KMS server.
Go to the Ranger KMS directory:
/usr/hdp/<version>/ranger-kms
Note: the DB details for the KMS instance that the master key is being migrated to must be correctly configured (in the Ranger KMS XML config file) before running the migration.
Run:
./HSMMK2DB.sh provider HSM_PARTITION_NAME
For example:
./HSMMK2DB.sh LunaProvider par19
Enter the partition password.
After the migration is completed, if you want to run Ranger KMS according to the new configuration (with HSM either enabled or disabled), update the Ranger KMS properties as required.
Start Ranger KMS.
Note: After migration, when Ranger KMS is running with HSM disabled, you can clear the Master Key object from the HSM partition if it is no longer required, since the Master Key has already been migrated to the DB.
Deleting the master key is a destructive operation. If the master key is lost, there is potential data loss: data under encryption zones cannot be recovered. Therefore, it is a best practice to keep backups of the master key in both the DB and the HSM.
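The following pre-flight check, added here as an example and not part of the original documentation or of Ranger KMS, parses the Ranger KMS config, verifies that the DB target is configured before HSMMK2DB.sh is run, derives the script's provider and partition arguments, and produces the post-migration property change for running with HSM disabled. The property names (ranger.ks.jpa.jdbc.url, ranger.ks.hsm.enabled, ranger.ks.hsm.type, ranger.ks.hsm.partition.name) and the sample dbks-site.xml are assumptions; check them against your own installation.

```python
"""Pre-flight check for the Ranger KMS HSM -> DB master-key migration (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample standing in for /usr/hdp/<version>/ranger-kms/conf/dbks-site.xml.
# Property names are assumed Ranger KMS defaults, not taken from the page.
SAMPLE_DBKS_SITE = """<configuration>
  <property><name>ranger.ks.jpa.jdbc.url</name><value>jdbc:mysql://dbhost:3306/rangerkms</value></property>
  <property><name>ranger.ks.jpa.jdbc.user</name><value>rangerkms</value></property>
  <property><name>ranger.ks.hsm.enabled</name><value>true</value></property>
  <property><name>ranger.ks.hsm.type</name><value>LunaProvider</value></property>
  <property><name>ranger.ks.hsm.partition.name</name><value>par19</value></property>
</configuration>"""

DB_KEYS = ("ranger.ks.jpa.jdbc.url", "ranger.ks.jpa.jdbc.user")  # assumed names
HSM_KEYS = ("ranger.ks.hsm.type", "ranger.ks.hsm.partition.name")  # assumed names


def load_props(xml_text):
    """Return {name: value} from a Hadoop-style <configuration> document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): (p.findtext("value") or "") for p in root.findall("property")}


def preflight(props):
    """List problems that must be fixed before HSMMK2DB.sh is run (empty list = OK)."""
    problems = ["missing DB setting: " + k for k in DB_KEYS if not props.get(k)]
    if props.get("ranger.ks.hsm.enabled", "false").lower() != "true":
        problems.append("HSM is not enabled; there is no HSM master key to migrate")
    problems += ["missing HSM setting: " + k for k in HSM_KEYS if not props.get(k)]
    return problems


def migration_args(props):
    """(provider, partition) to pass as ./HSMMK2DB.sh <provider> <HSM_PARTITION_NAME>."""
    return props["ranger.ks.hsm.type"], props["ranger.ks.hsm.partition.name"]


def disable_hsm(props):
    """Post-migration copy of the config so KMS reads the master key from the DB."""
    updated = dict(props)
    updated["ranger.ks.hsm.enabled"] = "false"
    return updated


if __name__ == "__main__":
    cfg = load_props(SAMPLE_DBKS_SITE)
    issues = preflight(cfg)
    if issues:
        raise SystemExit("not ready to migrate:\n  " + "\n  ".join(issues))
    print("./HSMMK2DB.sh %s %s" % migration_args(cfg))
    print(disable_hsm(cfg)["ranger.ks.hsm.enabled"])
```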