Integrating Key HSM with Key Trustee Server
Using a hardware security module with Navigator Key Trustee Server requires Key HSM. This service functions as a driver to support interactions between Navigator Key Trustee Server and the hardware security module, and it must be installed on the same host system as Key Trustee Server.
- Prepare Existing Keys for Migration
In this procedure, you are prompted to migrate any existing keys from the Key Trustee Server to the HSM. Successful migration depends on the existing keys conforming to the following constraints:
- Key names can begin with alpha-numeric characters only
- Key names can include only these special characters:
  - Hyphen (-)
  - Period (.)
  - Underscore (_)
To prepare for migration, check your key names and do the following if any of them are non-conforming:
- Decrypt any data using the non-conforming key.
- Create a new key, named as described above.
- Re-encrypt the data using the new key.
- Both Key HSM and Key Trustee Server must be set up and running. See Installing Cloudera Navigator Key HSM for details.
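The key-name constraints above can be checked in bulk before starting the migration. The following is an added example, not Cloudera code: `check_key_name` and `audit` are hypothetical helper names, the sample names are constructed, and "alpha-numeric" is assumed to mean ASCII letters and digits. How the key names are exported from Key Trustee Server is outside its scope.

```python
import string

# Assumption: "alpha-numeric" means ASCII letters and digits only.
ALNUM = set(string.ascii_letters + string.digits)
# The only special characters the page allows: hyphen, period, underscore.
ALLOWED = ALNUM | set("-._")


def check_key_name(name):
    """Return the reasons a key name is non-conforming (empty list if it conforms)."""
    if not name:
        return ["empty name"]
    problems = []
    if name[0] not in ALNUM:
        problems.append(f"begins with {name[0]!r}, not an alphanumeric character")
    # Report every distinct offending character, including invisible ones
    # such as a trailing newline left over from reading names out of a file.
    bad = sorted({c for c in name if c not in ALLOWED})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def audit(names):
    """Map each non-conforming name to its list of reasons."""
    return {n: p for n in names if (p := check_key_name(n))}


# Constructed sample key names (not taken from any real deployment).
SAMPLE_NAMES = [
    "hdfs-zone1.key_v2",   # conforms
    "2024.backup",         # conforms: may begin with a digit
    "_internal",           # allowed character, but not as the first one
    "-leading",            # same problem with a hyphen
    "finance/payroll",     # slash is not an allowed special character
    "key name",            # space is not allowed
    "zone1\n",             # unstripped newline from a file read
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_NAMES).items():
        print(f"{name!r}: {'; '.join(problems)}")
```

Any name this reports needs the decrypt, new key, re-encrypt steps listed above before the migration prompt is answered.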