Setting Up Data at Rest Encryption for HDFS
This section describes how to enable end-to-end data encryption to and from HDFS. For optimal performance, High Availability (HA) is also provided.
Depending on your encryption key root trustee requirements, you can enable HDFS encryption with one of the following options:
- Ranger Key Management Service backed by Key Trustee Server, which sources the encryption zone keys from a backing Ranger Key Trustee Server and includes HA.
- Ranger Key Management Service backed by Database, which sources the encryption zone keys from a backing Database and includes HA.
- A file-based, password-protected Java KeyStore, which adds the Java KeyStore KMS service to the cluster. The Java KeyStore KMS service uses a password-protected Java KeyStore for cryptographic key management. This option does not include HA.