In Cloudera Hadoop, a few components are used together to implement data encryption at rest:
- The Key Management Server (KMS) uses the Key Trustee Server as the underlying keystore instead of the file-based Java KeyStore (JKS) used by the default Hadoop KMS.
- Cloudera Navigator Key Trustee Server is the actual keystore for the encryption keys.
- Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server. With Navigator Key HSM, you can use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.
Hive/HDFS/NameNode file ===> Key Trustee KMS ===> Key Trustee Server ===> Key HSM
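The flow above is the key chain of HDFS transparent encryption. Below is an added, simplified model of that chain (not Cloudera's or Hadoop's code): Key Trustee Server holds the encryption-zone (EZ) key, the KMS wraps a per-file data encryption key (DEK) into an EDEK and unwraps it on request, the NameNode keeps only the EDEK, and the DataNode keeps only ciphertext. The HMAC-SHA256 keystream is a stand-in for AES so the block runs with the standard library alone; the key name, path and sample row are constructed.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stand-in for AES-CTR: XOR data with HMAC-SHA256(key, iv||counter) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class KeyTrusteeServer:
    """Backing keystore: the only place encryption-zone (EZ) key material lives."""
    def __init__(self):
        self._keys = {}
    def create_key(self, name):
        self._keys[name] = secrets.token_bytes(32)
    def get_key(self, name):
        return self._keys[name]

class KeyTrusteeKMS:
    """KMS front end: wraps and unwraps per-file DEKs; the EZ key never leaves it."""
    def __init__(self, keystore):
        self.keystore = keystore
    def generate_encrypted_key(self, ez_key):
        dek, iv = secrets.token_bytes(32), secrets.token_bytes(16)
        return iv, keystream_xor(self.keystore.get_key(ez_key), iv, dek)  # EDEK only
    def decrypt_encrypted_key(self, ez_key, iv, edek):
        return keystream_xor(self.keystore.get_key(ez_key), iv, edek)

def write_file(kms, namenode, datanode, ez_key, path, plaintext):
    edek_iv, edek = kms.generate_encrypted_key(ez_key)      # NameNode -> KMS -> Key Trustee
    dek = kms.decrypt_encrypted_key(ez_key, edek_iv, edek)  # HDFS client unwraps via KMS
    file_iv = secrets.token_bytes(16)
    namenode[path] = (ez_key, edek_iv, edek, file_iv)       # metadata: EDEK, never the DEK
    datanode[path] = keystream_xor(dek, file_iv, plaintext) # block storage: ciphertext only

def read_file(kms, namenode, datanode, path):
    ez_key, edek_iv, edek, file_iv = namenode[path]
    dek = kms.decrypt_encrypted_key(ez_key, edek_iv, edek)
    return keystream_xor(dek, file_iv, datanode[path])

def demo():
    # Constructed round trip through the chain; returns the pieces for inspection.
    kts = KeyTrusteeServer()
    kts.create_key("hive-zone-key")       # constructed EZ key name
    kms, namenode, datanode = KeyTrusteeKMS(kts), {}, {}
    msg = b"constructed sample row: user=alice,salary=100000"
    write_file(kms, namenode, datanode, "hive-zone-key", "/hive/warehouse/t1", msg)
    return kms, namenode, datanode, msg, read_file(kms, namenode, datanode, "/hive/warehouse/t1")
```

A real KMS also authorizes the DECRYPT_EEK call per user, which is the check that makes the NameNode and DataNode holding only EDEKs and ciphertext meaningful.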