Cloudera Docs

Enabling HDFS Encryption Using the Wizard

To accommodate the security best practice of separation of duties, enabling HDFS encryption using the wizard requires different Cloudera Manager user roles for different steps.

Launch the Set up HDFS Data At Rest Encryption wizard in one of the following ways:
  • Cluster > Set up HDFS Data At Rest Encryption

    Minimum Required Role: Key Administrator or Cluster Administrator (also provided by Full Administrator)

  • Administration > Security > Set up HDFS Data At Rest Encryption

    Minimum Required Role: Key Administrator or Cluster Administrator (also provided by Full Administrator)

  • HDFS service > Actions > Set up HDFS Data At Rest Encryption

    Minimum Required Role: Cluster Administrator (also provided by Full Administrator)

On the first page of the wizard, select the root of trust for encryption keys:
  • Cloudera Navigator Key Trustee Server
  • A file-based password-protected Java KeyStore
Cloudera strongly recommends using Cloudera Navigator Key Trustee Server as the root of trust for production environments. The file-based Java KeyStore root of trust is insufficient to provide the security, scalability, and manageability required by most production systems. More specifically, the Java KeyStore KMS does not provide:
  • Scalability, so you are limited to only one KMS, which can result in bottlenecks
  • High Availability (HA)
  • Recoverability, so if you lose the node where the Java KeyStore is stored, then you can lose access to all the encrypted data

Ultimately, the Java KeyStore does not satisfy the stringent security requirements of most organizations for handling master encryption keys.

Choosing a root of trust displays a list of steps required to enable HDFS encryption using that root of trust. Each step can be completed independently. The Status column indicates whether the step has been completed, and the Notes column provides additional context for the step. If your Cloudera Manager user account does not have sufficient privileges to complete a step, the Notes column indicates the required privileges.

Available steps contain links to wizards or documentation required to complete the step. If a step is unavailable due to insufficient privileges or a prerequisite step being incomplete, no links are present and the Notes column indicates the reason the step is unavailable.

Continue to the section for your selected root of trust for further instructions.