Cloudera Hadoop Data Encryption at rest Notes

In Cloudera Hadoop there are few components that are used to implemented Data Encryption at rest:

  1. The Key Management Server (KMS) uses the Key Trustee Server as the enderlying keystore instead of the file-based Java KeyStore(JKS) used by the default Hadoop KMS.
  2. Cloudera Navigator Key Trustee Server is the actual keystore for the encryption keys
  3. Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server. With Navigator Key HSM, you can use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.


Hive/HDFS/Namenode file ===> Key Trustee KMS ===> Key Trustee Server ===> Key HSM 


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.