Working with an HSM

How to integrate Cloudera Data Encryption components to provide enterprise data encryption solutions.

Ranger Key Mangement System (KMS)

Consists of Ranger KMS Ranger KMS providing enterprise-grade key management with a backend database that provides key storage.

Install Ranger KMS using CM > Administration > Security > HDFS Encryption Wizard.
Install a seperate database to store keys.
For more information, see related links.

Ranger KMS and HSM

Consists of Ranger KMS and database integrated with a backend hardware security module (HSM). In this solution, Ranger KMS provides enterprise-grade key management, HSM provides encryption zone key protection. HSM stores only the encryption master key.

Install Ranger KMS using CM > Administration > Security > HDFS Encryption Wizard.
Install a seperate database to store keys.
Obtain and integrate one of the following hardware security modules (HSM) supplied by a vendor.
- Luna 7
- CipherTrust
- GCP Cloud HSM
- Azure Key Vault
For more information, see related links.