Securing the Key Management Server (KMS)
Cloudera provides the following implementations of Key Mangement Server (KMS): Ranger KMS with database, Ranger KMS with Key Trustee Server and Ranger KMS with Key Trustee Server and Key HSM (if HSM support is required) You can secure the KMS using Kerberos, TLS/SSL communication, and access control lists (ACLs) for operations on encryption keys.
Cloudera Manager instructions can be performed for both Ranger KMS and Ranger KMS with KTS.