Migrate Ranger KMS Master Key

The following steps will migrate the master key of Ranger KMS from its database to the Azure Key Vault.

  1. Run the following commands to enter the Ranger KMS shell.

    Docker Shell

    cd /home/ec2-user/privacera/docker
    ./privacera_services shell ranger-kms

    Kubernetes Shell

    Replace <NAMESPACE> with your namespace.

    kubectl get pods -n <NAMESPACE>
    kubectl exec -it <ranger_kms_pod_name> -n <NAMESPACE> -- bash
  2. Run the following command to start the migration script.

    bash <azureMasterKeyName> <azureMasterKeyType> \
      <zoneKeyEncryptionAlgo> <azureKeyVaultUrl> <azureClientId> <isSSLEnabled:true/false> \
      <clientSecret / Certificate Path>

    | Parameter | Description |
    |---|---|
    | <azureMasterKeyName> | Name of the Master Key you want to migrate. |
    | <azureMasterKeyType> | Type of the Master Key. For example, RSA |
    | <zoneKeyEncryptionAlgo> | Encryption algorithm used in the Master Key. For example, RSA_OAEP |
    | <azureKeyVaultUrl> | Azure Key Vault URL. To get the URL, click here. |
    | <azureClientId> | Azure Client ID. To get the ID, click here. |
    | <isSSLEnabled:true/false> | Enable SSL. For example, true |
    | <clientSecret / Certificate Path> | If the authentication is done without SSL enabled, get the client secret. For more information, click here. If the authentication is done with SSL enabled, get the certificate secret. For more information, click here. |
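
A pre-flight check for the seven arguments in step 2, as an added example that is not part of the original page or of the Privacera or Ranger tooling. The function name `check_kms_migration_args` is hypothetical; it only validates the values and never runs the migration script. It assumes Key Vault key names of 1 to 127 letters, digits and hyphens, and a GUID-format client ID.

```bash
# Added example: validate the migration arguments before running step 2.
# check_kms_migration_args is a hypothetical helper; it never calls the
# migration script and never prints the credential.
check_kms_migration_args() {
    if [ "$#" -ne 7 ]; then
        echo "expected 7 arguments, got $#" >&2
        return 2
    fi
    key_name=$1 key_type=$2 zone_algo=$3 vault_url=$4
    client_id=$5 ssl_enabled=$6 credential=$7
    rc=0

    # Key Vault object names: 1-127 characters, letters, digits and hyphens.
    if ! printf '%s' "$key_name" | grep -Eq '^[0-9A-Za-z-]{1,127}$'; then
        echo "azureMasterKeyName: invalid Key Vault key name" >&2; rc=1
    fi
    # The page gives RSA and RSA_OAEP only as examples, so just require values.
    [ -n "$key_type" ]  || { echo "azureMasterKeyType: empty" >&2; rc=1; }
    [ -n "$zone_algo" ] || { echo "zoneKeyEncryptionAlgo: empty" >&2; rc=1; }
    # The vault is reached over TLS; reject anything that is not https.
    case $vault_url in
        https://?*) ;;
        *) echo "azureKeyVaultUrl: must start with https://" >&2; rc=1 ;;
    esac
    # An Azure application (client) ID is a GUID.
    if ! printf '%s' "$client_id" | grep -Eiq \
        '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'; then
        echo "azureClientId: not a GUID" >&2; rc=1
    fi
    # The last argument is a certificate path with SSL, a secret without.
    case $ssl_enabled in
        true)
            [ -r "$credential" ] && [ -f "$credential" ] || {
                echo "certificate path: not a readable file" >&2; rc=1; }
            ;;
        false)
            [ -n "$credential" ] || { echo "clientSecret: empty" >&2; rc=1; }
            ;;
        *) echo "isSSLEnabled: must be true or false" >&2; rc=1 ;;
    esac
    return "$rc"
}
```

Arguments given to the migration script on the command line are recorded in shell history and are visible in the process list while it runs, which includes the client secret when `<isSSLEnabled:true/false>` is `false`.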