Integrating Ranger KMS DB with Google Cloud HSM

How to integrate Ranger KMS DB with Google Cloud HSM

This task describes how to integrate Ranger KMS DB with Google Cloud Platform (GCP) Hardware Security Module (HSM). This process includes setting up the GCP HSM service on a client (host), configuring Ranger KMS with GCP, or migrating the Master Key storage from the KMS database to the Google Cloud HSM.

Ensure you can log in to the Google cloud console using your accout. (Requires Google account access).
Ensure you have Java (jdk1.8.0.232) installed.

Set Up Google Cloud HSM

Log in to Google Cloud console using Cloudera account.
Create the service account by selecting or creating the Project.
Create the key.
Download and save the key in JSON format.

note
Record the project ID, Location ID and save the JSON file.
In GCP Console > Key Management create the key ring.

Figure 1. Creating a key ring in Google Cloud Platform

This example shows a project gcp-eng-sdx-daily, region Global, and key ring RangerKMSRing.

The key ring is created.