Securing the Key Management Server (KMS)
Cloudera provides the following implementations of the Hadoop KMS: Java KeyStore KMS, Key Trustee KMS, Navigator KMS Services backed by Thales HSM, and Navigator KMS Services backed by Luna HSM. You can secure the KMS using Kerberos, TLS/SSL communication, and access control lists (ACLs) for operations on encryption keys.
Cloudera Manager instructions can be performed for both Key Trustee KMS and Java KeyStore KMS deployments. Command-line instructions apply only to Java KeyStore KMS deployments. Key Trustee KMS is not supported outside of Cloudera Manager.