Also available as:
loading table of contents...
Install Ranger KMS HSM via Ambari with JCEKS


Install the SafeNet Luna SA Client Software


You must have a separate partition for each KMS cluster.


  1. Installing the Ranger Key Management Service

  2. While configuring add the HSM related properties in Advanced dbks-site Menu (dbks-site.xml):

    • ranger.ks.hsm.enabled=true

    • Name

    • ranger.ks.hsm.partition.password=_

    • ranger.ks.hsm.partition.password.alias=ranger.kms.hsm.partition.password

    • ranger.ks.hsm.type=LunaProvider

  3. Click on Next and follow the instructions to install Ranger KMS.

    Ranger KMS will fail to start (expected behavior).

  4. Execute this command on the cluster where Ranger KMS is installed:

    python /usr/hdp/current/ranger-kms/ -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
  5. Restart the KMS from Ambari.