Migrating keys from Key Trustee Server to Ranger KMS
You can migrate keys from Key Trustee Server to Ranger KMS DB.
Important considerations before migrating the keys.
Ranger KMS KTS keys are case sensitive but Ranger KMS DB keys are case insensitive. This means, it is possible to have the following keys in KMS KTS:
- KEY1 // All in capital case
- key1 // All in small case
- Key1 // Mix of both
KMS DB always stores the key names in lower case, even if you provide the key name in uppercase.It will error out when attempting to create duplicate keys with different cases. During Hadoop key migration, this may cause issues. For instance, only one of key listed above will be imported.
Impact:
- Scenario 1: If you have a combination of such keys (with different cases) , only one key will be migrated. The migration tool will ignore the other keys.
- Scenario 2: If you have keys in any cases but no duplicates ,then after migration it will be stored in lowercase and will be visible on UI in lowercase.
