[ https://issues.apache.org/jira/browse/RANGER-3998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834769#comment-17834769 ]
kirby zhou commented on RANGER-3998:
------------------------------------

This patch is just a simple imitation of RangerGoogleCloudHSMProvider. The work is done for using the key stored in AWS KMS as the master key of Ranger KMS.

class RangerAWSKMSProvider just implements the RangerKMSMKI interface. The generateMasterKey method does not actually create a masterkey; it calls AWSKMS.listAliases and AWSKMS.getKeyMetadata to verify whether the masterkey exists. The encryptZoneKey method calls AWSKMS.encrypt to encrypt the zone key, and decryptZoneKey calls AWSKMS.decrypt to decrypt it.

RangerKeyStoreProvider.java is modified to load and activate RangerAWSKMSProvider according to the configuration.

I added 5 lines to install.properties; their meaning is:

#------------------------- Ranger AWS KMS ------------------------------
AWS_KMS_ENABLED=false
AWS_KMS_MASTERKEY_ID=#The id of master key in AWS KMS
AWS_CLIENT_ACCESSKEY=#The access key to AWS service
AWS_CLIENT_SECRETKEY=#The secret key to AWS service
AWS_CLIENT_REGION=#The region of AWS service

The modification of setup.sh will map the 5 properties into dbks-site.xml as:

* AWS_KMS_ENABLED = "ranger.kms.awskms.enabled";
* AWSKMS_MASTER_KEY_ID = "ranger.kms.awskms.masterkey.id";
* AWS_CLIENT_ACCESSKEY = "ranger.kms.aws.client.accesskey";
* AWS_CLIENT_SECRETKEY = "ranger.kms.aws.client.secretkey";
* AWS_CLIENT_REGION = "ranger.kms.aws.client.region";

And the patch does some minor changes to prevent conflicts with Tencent KMS.

BTW: the AWS KMS API is here: [https://docs.aws.amazon.com/kms/latest/developerguide/programming-top.html]

> Support Ranger KMS integration with AWS KMS
> -------------------------------------------
>
>                 Key: RANGER-3998
>                 URL: https://issues.apache.org/jira/browse/RANGER-3998
>             Project: Ranger
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 3.0.0, 2.4.0
>            Reporter: kirby zhou
>            Assignee: kirby zhou
>            Priority: Major
>
> AWS KMS is widely used by many customers.
> Therefore, RangerKMS should support hosting MasterKey to AWS KMS.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
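The install.properties to dbks-site.xml mapping the comment describes, written out as a small POSIX shell script. This is an added example, not the patch's setup.sh and not Ranger project code; the property names on both sides are the ones listed in the comment, while the sample install.properties contents (alias name, placeholder access key and secret, region) are constructed for the example.

```shell
#!/bin/sh
# Added example (not the Ranger patch's own setup.sh): turn the five AWS KMS
# entries of install.properties into <property> elements for dbks-site.xml,
# using the name mapping given in the comment above.

# Constructed sample of the lines the patch adds to install.properties.
# The key alias, access key, secret and region are placeholders.
SAMPLE_INSTALL_PROPERTIES='
#------------------------- Ranger AWS KMS ------------------------------
AWS_KMS_ENABLED=true
AWS_KMS_MASTERKEY_ID=alias/ranger-kms-master
AWS_CLIENT_ACCESSKEY=AKIA_EXAMPLE_PLACEHOLDER
AWS_CLIENT_SECRETKEY=secret-placeholder
AWS_CLIENT_REGION=us-east-1
'

# prop_value FILE KEY: value of the last KEY=... line in a properties file
# (empty output when the key is absent or has no value).
prop_value() {
  grep "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# xml_escape STRING: escape the characters that are special in XML text.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# emit_property NAME VALUE: one Hadoop-style <property> element.
emit_property() {
  printf '  <property>\n    <name>%s</name>\n    <value>%s</value>\n  </property>\n' \
    "$1" "$(xml_escape "$2")"
}

# map_aws_kms_props FILE: print the dbks-site.xml fragment for the five keys.
# Left column: install.properties key; right column: dbks-site.xml name.
map_aws_kms_props() {
  emit_property ranger.kms.awskms.enabled       "$(prop_value "$1" AWS_KMS_ENABLED)"
  emit_property ranger.kms.awskms.masterkey.id  "$(prop_value "$1" AWS_KMS_MASTERKEY_ID)"
  emit_property ranger.kms.aws.client.accesskey "$(prop_value "$1" AWS_CLIENT_ACCESSKEY)"
  emit_property ranger.kms.aws.client.secretkey "$(prop_value "$1" AWS_CLIENT_SECRETKEY)"
  emit_property ranger.kms.aws.client.region    "$(prop_value "$1" AWS_CLIENT_REGION)"
}

# missing_aws_kms_props FILE: names of the five keys that are unset or empty,
# so an installer can refuse to enable the provider with half a configuration.
missing_aws_kms_props() {
  for k in AWS_KMS_ENABLED AWS_KMS_MASTERKEY_ID AWS_CLIENT_ACCESSKEY \
           AWS_CLIENT_SECRETKEY AWS_CLIENT_REGION; do
    [ -n "$(prop_value "$1" "$k")" ] || printf '%s\n' "$k"
  done
}

# Stand-alone run: write the constructed sample to a temp file and map it.
TMP_PROPS=$(mktemp)
printf '%s\n' "$SAMPLE_INSTALL_PROPERTIES" > "$TMP_PROPS"
if [ -z "$(missing_aws_kms_props "$TMP_PROPS")" ]; then
  map_aws_kms_props "$TMP_PROPS"
else
  echo "install.properties is missing: $(missing_aws_kms_props "$TMP_PROPS" | tr '\n' ' ')" >&2
fi
rm -f "$TMP_PROPS"
```

Because AWS_CLIENT_SECRETKEY is copied verbatim into dbks-site.xml, the generated file carries the AWS secret in plaintext; keep its file permissions as tight as the rest of the Ranger KMS configuration and treat it like the master-key material it guards.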