[jira] [Commented] (RANGER-3580) Support Ranger KMS integration with TencentKMS

kirby zhou (Jira) Wed, 09 Feb 2022 04:29:07 -0800


    [ 
https://issues.apache.org/jira/browse/RANGER-3580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489511#comment-17489511
 ]


kirby zhou commented on RANGER-3580:
------------------------------------

TencentKMS is something like Microsoft Azure KeyVault, provided by Tencent 
Cloud, one of china's top cloud providers. It also named as "T-Sec 密钥管理系统".

We use it as masterKey provider of RangerKMS.

All configurations you need is the following list.
# TencentKMS deployment configuration # The following configuration is added to 
the install.properties # Do you use Tencent Cloud KMS? TENCENT_KMS_ENABLED=true 
# MasterKeyID on Tencent Cloud 
TENCENT_MASTERKEY_ID=b756b016-6e11-11ec-a735-525400fe0300 # Login ID 
TENCENT_CLIENT_ID=AKIDrXx6ybx2qNdiaBWaNs76pGQJvFJ6crpW # Login password 
TENCENT_CLIENT_SECRET=<password># Tencent Cloud area, see Tencent Cloud SDK for 
details. TENCENT_CLIENT_REGION=ap-beijing
 

1. you should have a Tencent Cloud account.

Please Visit  
[https://intl.cloud.tencent.com/|https://intl.cloud.tencent.com/?lang=en] or 
[https://cloud.tencent.com|https://cloud.tencent.com/]

 

2. Apply a KMS 

 

[https://intl.cloud.tencent.com/products/kms] or 
[https://cloud.tencent.com/product/kms]

 

3. Create a Key in Tencent KMS at you selected region.

You should create an key id here, then use it as "TENCENT_MASTERKEY_ID".

region code list is here:

[https://intl.cloud.tencent.com/document/product/628/33133]

 

4. Create you client id/secret, and assign the privilege of key to it 

It may be called as "SecretId" and "SecretKey"

Fill TENCENT_CLIENT_ID=SecretId

Fill TENCENT_CLIENT_SECRET=SecretKey

Chinese doc is here [https://cloud.tencent.com/document/api/362/4208]

I am sorry, I have not found the exactly doc in English. You can check it in 
[https://intl.cloud.tencent.com/document/product]

 

5. Fill the other parts of install.properties, such as you database JDBC, your 
Kerberos....

6. run setup.sh

 

> Support Ranger KMS integration with TencentKMS
> ----------------------------------------------
>
>                 Key: RANGER-3580
>                 URL: https://issues.apache.org/jira/browse/RANGER-3580
>             Project: Ranger
>          Issue Type: New Feature
>          Components: kms
>    Affects Versions: 3.0.0
>            Reporter: kirby zhou
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: 0001-add-TencentKMS-as-MasterKeyProvider-1.patch, 
> 0001-add-TencentKMS-as-MasterKeyProvider.patch
>
>
> Want Ranger KMS can work with more Key Vault Provider as its backend.
> Such as Tencent KMS, AliCloud KMS, AWS KMS.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3580) Support Ranger KMS integration with TencentKMS

Reply via email to