ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Rao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-723) Ranger-KMS – CloudHSM Integration
Date Tue, 24 Nov 2015 21:48:10 GMT

    [ https://issues.apache.org/jira/browse/RANGER-723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15025492#comment-15025492

Varun Rao commented on RANGER-723:

Yes, we can do that. KMIP supported services like Safenet KeySecure has ability to talk to
CloudHSM for HSM integration. Do you know where i can find the generic interface that will
need to be implemented? I see Safenet KeySecure use IngrianNAE/IngrianProvider...

> Ranger-KMS – CloudHSM Integration
> ---------------------------------
>                 Key: RANGER-723
>                 URL: https://issues.apache.org/jira/browse/RANGER-723
>             Project: Ranger
>          Issue Type: New Feature
>          Components: kms, Ranger
>    Affects Versions: 0.5.0
>            Reporter: Varun Rao
>            Assignee: Varun Rao
>            Priority: Minor
>         Attachments: Hadoop KMS.png, Ranger KMS - CloudHSM integration.png
> Integrate Ranger KMS with CloudHSM to manage master keys.
> Currently Ranger KMS uses the database (rangerkms.ranger_masterkey) to store the master
> This Master key is encrypted using a property "KMS_MASTER_KEY_PASSWD". 
> It would be nice if we can use CloudHSM instead of using "KMS_MASTER_KEY_PASSWD" to encrypt
the master key. 
> This will add an extra layer in the Key Hierarchy.
> Attached is the high level architecture of the current Hadoop KMS and the proposed change
to integrate with CloudHSM.

This message was sent by Atlassian JIRA

View raw message