Ranger KMS
The following table contains the list of custom properties that can be configured for Ranger KMS.
Property | Description | Values | Default Value |
---|---|---|---|
RANGER_KMS_IMAGE_NAME | |||
RANGER_KMS_IMAGE_TAG | |||
RANGER_KMS_DB_HOST | |||
RANGER_KMS_DB_SSL_ENABLED | |||
RANGER_KMS_DB_SSL_REQUIRED | |||
RANGER_KMS_DB_SSL_VERIFY_CERT | |||
RANGER_KMS_DB_SSL_AUTH_TYPE | |||
RANGER_KMS_DB_ROOT_USER | |||
RANGER_KMS_DB_ROOT_PASSWORD | |||
RANGER_KMS_DB_NAME | |||
RANGER_KMS_DB_USER | |||
RANGER_KMS_DB_PASSWORD | |||
RANGER_KMS_HTTP_ENABLED | FALSE | ||
RANGER_KMS_HTTPS_KEYSTORE_FILE | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/{{RANGER_KMS_SSL_KEYSTORE_FILENAME}} | ||
RANGER_KMS_MASTER_KEY_PASSWORD | Property to set master key password for Ranger KMS. It is the password to encrypt the master. Once the master key and zone key are created, and if this password is changed, then you wouldn't be able to get the master key back. Also, this will impact the retrieval of data using zone key. Hence, it should be set properly at the first time itself. |
Str0ngPassw0rd | |
RANGER_KMS_HSM_TYPE | LunaProvider | ||
RANGER_KMS_HSM_ENABLED | FALSE | ||
RANGER_KMS_HSM_PARTITION_NAME | par19 | ||
RANGER_KMS_HSM_PARTITION_PASSWORD | <UPDATE_THIS_VALUE> | ||
RANGER_KMS_KEYSECURE_ENABLED | |||
RANGER_KMS_KEYSECURE_USER_PASSWORD_AUTHENTICATION | |||
RANGER_KMS_KEYSECURE_MASTERKEY_NAME | |||
RANGER_KMS_KEYSECURE_USERNAME | |||
RANGER_KMS_KEYSECURE_PASSWORD | |||
RANGER_KMS_KEYSECURE_MASTER_KEY_SIZE | |||
RANGER_KMS_KEYSECURE_LIB_CONFIG_PATH | |||
RANGER_KMS_UNIX_USER | kms | ||
RANGER_KMS_UNIX_USER_PWD | kms | ||
RANGER_KMS_UNIX_GROUP | kms | ||
RANGER_KMS_REPOSITORY_NAME | privacera_kms | ||
RANGER_KMS_XAAUDIT_SUMMARY_ENABLE | FALSE | ||
RANGER_KMS_XAAUDIT_SOLR_ENABLE | TRUE | ||
RANGER_KMS_XAAUDIT_SOLR_URL | |||
RANGER_KMS_XAAUDIT_SOLR_USER | |||
RANGER_KMS_XAAUDIT_SOLR_PASSWORD | |||
RANGER_KMS_XAAUDIT_SOLR_ZOOKEEPER | NONE | ||
RANGER_KMS_XAAUDIT_SOLR_FILE_SPOOL_DIR | /var/log/ranger/kms/audit/solr/spool | ||
RANGER_KMS_LOG_DIR | /var/log/kms | ||
RANGER_KMS_PID_DIR_PATH | /var/run/ranger_kms | ||
RANGER_KMS_DIR | $PWD | ||
RANGER_KMS_APP_HOME | $PWD/ews/webapp | ||
RANGER_KMS_TMPFILE | $PWD/.fi_tmp | ||
RANGER_KMS_LOGFILE | $PWD/logfile | ||
RANGER_KMS_MYSQL_CORE_FILE | db/mysql/kms_core_db.sql | ||
RANGER_KMS_ORACLE_CORE_FILE | db/oracle/kms_core_db_oracle.sql | ||
RANGER_KMS_POSTGRES_CORE_FILE | db/postgres/kms_core_db_postgres.sql | ||
RANGER_KMS_SQLSERVER_CORE_FILE | db/sqlserver/kms_core_db_sqlserver.sql | ||
RANGER_KMS_SQLANYWHERE_CORE_FILE | db/sqlanywhere/kms_core_db_sqlanywhere.sql | ||
RANGER_KMS_CRED_KEYSTORE_FILENAME | localjceks://file$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks | ||
RANGER_KMS_BLACKLIST_DECRYPT_EEK | hdfs | ||
CRYPTO_RANGER_ENABLE | |||
RANGER_KMS_HOST_NAME | ranger-kms | ||
RANGER_KMS_PORT | |||
RANGER_KMS_EXTERNAL_HTTP_PORT | Property to change the default port number for a secured Ranger KMS. | 9494 | |
RANGER_KMS_EXTERNAL_HTTPS_PORT | Property to change the default port number for a secured Ranger KMS. | 9393 | |
RANGER_KMS_URL | |||
RANGER_KMS_SSL_ENABLE | |||
RANGER_KMS_SSL_SELF_SIGNED | TRUE | ||
RANGER_KMS_SSL_KEYSTORE_FILE_PATH | /etc/ranger/kms/conf/{{RANGER_PLUGIN_KEYSTORE_FILENAME}} | ||
RANGER_KMS_PLUGIN_SSL_KEYSTORE_PASSWORD | |||
RANGER_KMS_SSL_KEYSTORETYPE | |||
RANGER_KMS_SSL_KEYSTORE_FILENAME | |||
RANGER_KMS_SSL_KEYSTORE_PASSWORD | |||
RANGER_KMS_SSL_TRUSTSTORE_FILE_PATH | /etc/ranger/kms/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}} | ||
RANGER_KMS_SSL_TRUSTSTORE_PASSWORD | |||
RANGER_KMS_KEYSTORE_PASSWORD | |||
RANGER_KMS_TRUSTSTORE_PASSWORD | |||
RANGER_KMS_KEYSTORE_ALIAS | ranger-kms-alias | ||
RANGERKMS_PLUGIN_JCEKS_STOREPASS | none | ||
RANGER_KMS_SSL_SIGNED_PEM_FULL_CHAIN | |||
RANGER_KMS_SSL_SIGNED_PEM_PRIVATE_KEY | |||
RANGER_KMS_SSL_PKCS12_PASSWORD | |||
RANGER_KMS_SSL_SIGNED_CERT_FORMAT | pem | ||
RANGER_KMS_SSL_SIGNED_PKCS12_ALIAS | ranger-kms-alias | ||
RANGER_KMS_SSL_SIGNED_PKCS12_FILE | ranger-kms.pkcs12 | ||
HSM_ENABLED | FALSE | ||
HSM_PARTITION_NAME | par19 | ||
HSM_PARTITION_PASSWORD | <UPDATE_THIS_VALUE> | ||
AZURE_KEYVAULT_ENABLED | FALSE | ||
AZURE_KEYVAULT_SSL_ENABLED | FALSE | ||
AZURE_KEYVAULT_CLIENT_ID | None | ||
AZURE_KEYVAULT_CLIENT_SECRET | None | ||
AZURE_KEYVAULT_CERTIFICATE_PATH | None | ||
AZURE_KEYVAULT_CERTIFICATE_PASSWORD | None | ||
AZURE_KEYVAULT_MASTERKEY_NAME | RangerMasterKey | ||
AZURE_KEYVAULT_MASTER_KEY_TYPE | RSA | ||
AZURE_KEYVAULT_ZONE_KEY_ENCRYPTION_ALGO | RSA_OAEP | ||
AZURE_KEYVAULT_URL | None | ||
AZURE_KEYVAULT_CERT_FILE | None | ||
RANGER_KMS_ENCRYPT_SECRETS | |||
RANGER_KMS_SECRETS_FILE | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/ranger-kms{{GLOBAL_SECRETS_FILE_SUFFIX}} | ||
RANGER_KMS_SECRETS_KEYSTORE_PASSWORD | |||
RANGER_KMS_SECRETS_KEYPREFIX | |||
RANGER_KMS_ENCRYPT_PROPS_LIST | |||
RANGER_KMS_K8S_PVC_NAME | {{K8S_NAMESPACE}}-ranger-kms-pvc | ||
RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB | 1024 | ||
RANGER_KMS_K8S_PVC_STORAGE_SIZE | {{RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB}}M | ||
RANGER_KMS_K8S_STORAGE_PROVISIONER | |||
RANGER_KMS_K8S_SC_NAME | {{K8S_NAMESPACE}}-store-privacera-ranger-kms | ||
RANGER_KMS_K8S_PV_ENCRYPTED | |||
RANGER_KMS_K8S_PV_KEY | |||
RANGER_KMS_K8S_LOADBALANCER_EXTERNAL | FALSE | ||
RANGER_KMS_K8S_ANNOTATION_LOADBALANCER_ANNOTATION | |||
RANGER_KMS_HEAP_MIN_MEMORY_MB | Minimum Java Heap memory in MB used by Ranger KMS. | 1024 | |
RANGER_KMS_HEAP_MIN_MEMORY | {{ RANGER_KMS_HEAP_MIN_MEMORY_MB }}m | ||
RANGER_KMS_HEAP_MAX_MEMORY_MB | Maximum Java Heap memory in MB used by Ranger KMS. | 1024 | |
RANGER_KMS_HEAP_MAX_MEMORY | {{ RANGER_KMS_HEAP_MAX_MEMORY_MB }}m | ||
RANGER_KMS_K8S_MEM_REQUESTS_MB | |||
RANGER_KMS_K8S_MEM_LIMITS | {{ RANGER_KMS_K8S_MEM_LIMITS_MB }}M | ||
RANGER_KMS_CPU_MIN | |||
RANGER_KMS_CPU_MAX | |||
RANGER_KMS_K8S_CPU_REQUESTS | |||
RANGER_KMS_K8S_CPU_LIMITS |