Upgrading Key Trustee KMS

Upgrading from CDH to CDP automatically replaces your existing Key Trustee KMS service with Ranger KMS. Your Key Trustee KMS ACLs are converted to Ranger policies.

When you upgrade from CDH 5 or 6 to CDP 7.1.1+, the Cloudera Manager removes your existing Key Trustee KMS installation and installs Ranger KMS. Next, Key Trustee KMS ACLs are converted to Ranger policies. Some ACLs are not supported and will be ignored by Ranger KMS.

This process is entirely automatic. There are links below to help you learn about your new KMS service: how the ACL conversion process works, which ACLs are not supported, and how Ranger KMS policy evaluation works.