Configuring Apache HDFS Encryption
Also available as:
PDF
loading table of contents...

Store Master Key in a Hardware Security Module (HSM)

PCI compliance requires that keys are stored in Hardware Security Modules (HSMs) rather than a software KMS. For example, this is required for financial institutions working with customer credit/debit card terminals. This section explains how to store keys in an HSM.

You must have a separate partition for each KMS cluster.
HSM Integration Flow