This is the documentation for Cloudera Enterprise 5.8.x. Documentation for other versions is available at Cloudera Documentation.

Installing Cloudera Navigator Key HSM

  Important: Before installing Cloudera Navigator Key HSM, see Deployment Planning for Data at Rest Encryption for important considerations.

Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server.

With Navigator Key HSM, you can use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.

Prerequisites

You must install Key HSM on the same host as Key Trustee Server. See Data at Rest Encryption Requirements for more information about encryption and Key HSM requirements.

Setting Up an Internal Repository

You must create an internal repository to install or upgrade Cloudera Navigator Key HSM. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Creating and Using a Package Repository for Cloudera Manager.

Installing Navigator Key HSM

  Important: If you have implemented Key Trustee Server high availability, install and configure Key HSM on each Key Trustee Server host.

  1. Install the Cloudera Repository

    Add the internal repository you created. See Modifying Clients to Find the Repository for more information.

    Import the GPG key by running the following command:
    $ sudo rpm --import http://repo.example.com/path/to/RPM-GPG-KEY-cloudera
  2. Install the CDH Repository

    Key Trustee Server and Key HSM depend on the bigtop-utils package, which is included in the CDH repository. For instructions on adding the CDH repository, see To add the CDH repository. To create a local CDH repository, see Creating a Local Yum Repository.

  3. Install Navigator Key HSM
    Install the Navigator Key HSM package using yum:
    $ sudo yum install keytrustee-keyhsm

    Cloudera Navigator Key HSM is installed to the /usr/share/keytrustee-server-keyhsm directory by default.
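
Steps 1 to 3 rely on yum checking package signatures against the imported GPG key. The following added example (not part of Cloudera's documentation) audits a yum .repo definition for sections where that check is off or no key is configured; the section names and repository paths in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit yum .repo content for settings that skip signature checks.

# audit_repo [FILE...]: reads .repo content (stdin when no FILE is given),
# prints one finding per line, and returns 1 if any finding was printed.
audit_repo() {
    awk '
    function report() {
        if (name == "" || name == "main") return
        if (gpgcheck == "") {
            print name ": gpgcheck not set, value is inherited from [main] in yum.conf"; bad = 1
        } else if (tolower(gpgcheck) !~ /^(1|yes|true)$/) {
            print name ": gpgcheck=" gpgcheck " does not enable signature checks"; bad = 1
        }
        if (gpgkey == "") { print name ": no gpgkey configured"; bad = 1 }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                   # a new [section] starts
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
        gpgcheck = ""; gpgkey = ""; next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") gpgcheck = v
        if (k == "gpgkey")   gpgkey = v
    }
    END { report(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: section names and repository paths are placeholders.
make_sample() {
    cat <<'EOF'
[cloudera-keytrustee]
baseurl=http://repo.example.com/path/to/keytrustee/
gpgcheck=1
gpgkey=http://repo.example.com/path/to/RPM-GPG-KEY-cloudera

[cloudera-cdh5]
baseurl=http://repo.example.com/path/to/cdh/
gpgcheck=0
EOF
}

make_sample | audit_repo || echo "resolve the findings before running yum install"
```

Pass the repository file you created for the internal repository as the argument to audit_repo before running the yum install in step 3.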

Page generated July 8, 2016.