Integrating Components for Encrypting Data at Rest
How to integrate Cloudera Data Encryption components to provide enterprise data encryption solutions.
Ranger Key Management System (KMS)
Consists of Ranger KMS providing enterprise-grade key management with a backend database that provides key storage.
- Install Ranger KMS using .
- Install a separate database to store keys.
For more information, see related links.
Ranger KMS and HSM
Consists of Ranger KMS and a database integrated with a backend hardware security module (HSM). In this solution, Ranger KMS provides enterprise-grade key management and the HSM provides encryption zone key protection. The HSM stores only the encryption master key.
- Install Ranger KMS using .
- Install a separate database to store keys.
- Obtain and integrate one of the following hardware security modules (HSM) supplied by a vendor.
  - Luna 6 or 7
  - CipherTrust
  - GCP Cloud HSM
  - Azure Key Vault
For more information, see related links.
Ranger KMS and Key Trustee Server (KTS)
Consists of Ranger KMS providing enterprise-grade key management and the Key Trustee Server key store that stores and manages cryptographic keys and other security artifacts.
- Install Ranger KMS backed by KTS using .
Ranger KMS, KTS, and Key HSM
Consists of Ranger KMS, KTS, and Key HSM, which provides seamless integration of all Cloudera encryption components with an HSM added.
- Install Ranger KMS backed by KTS using .
- Obtain and integrate one of the following hardware security modules (HSM) supplied by a vendor.
  - Luna 6 or 7
  - CipherTrust
  - GCP Cloud HSM
  - Azure Key Vault
For more information, see