Configuring Apache HDFS Encryption
Also available as:
PDF
loading table of contents...

Using the Ranger Key Management Service

Ranger KMS can be accessed at the Ranger admin URL, http://$hostname:6080. Note, however, that the login user for Ranger KMS is different than that for Ranger. Logging on as the Ranger KMS admin user leads to a different set of screens.

Role Separation

By default, Ranger admin uses a different admin user (keyadmin) to manage access policies and keys for Ranger KMS.

The person accessing Ranger KMS via the keyadmin user should be a different person than the administrator who works with regular Ranger access policies. This approach separates encryption work (encryption keys and policies) from Hadoop cluster management and access policy management.