
Ranger KMS

The following table contains the list of custom properties that can be configured for Ranger KMS.

| Property | Description | Values | Default Value |
|---|---|---|---|
| `RANGER_KMS_HTTPS_KEYSTORE_FILE` | | | `/opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/{{RANGER_KMS_SSL_KEYSTORE_FILENAME}}` |
| `RANGER_KMS_MASTER_KEY_PASSWORD` | Property to set the master key password for Ranger KMS. This is the password used to encrypt the master key. If this password is changed after the master key and zone key have been created, you will not be able to get the master key back, and retrieval of data using the zone key will also be affected. Set it correctly the first time. | | `Str0ngPassw0rd` |
| `RANGER_KMS_HSM_TYPE` | | | `LunaProvider` |
| `RANGER_KMS_HSM_ENABLED` | | | `FALSE` |
| `RANGER_KMS_HSM_PARTITION_NAME` | | | `par19` |
| `RANGER_KMS_HSM_PARTITION_PASSWORD` | | | `<UPDATE_THIS_VALUE>` |
| `RANGER_KMS_UNIX_USER` | | | `kms` |
| `RANGER_KMS_UNIX_USER_PWD` | | | `kms` |
| `RANGER_KMS_UNIX_GROUP` | | | `kms` |
| `RANGER_KMS_REPOSITORY_NAME` | | | `privacera_kms` |
| `RANGER_KMS_XAAUDIT_SUMMARY_ENABLE` | | | `FALSE` |
| `RANGER_KMS_XAAUDIT_SOLR_ENABLE` | | | `TRUE` |
| `RANGER_KMS_XAAUDIT_SOLR_ZOOKEEPER` | | | `NONE` |
| `RANGER_KMS_XAAUDIT_SOLR_FILE_SPOOL_DIR` | | | `/var/log/ranger/kms/audit/solr/spool` |
| `RANGER_KMS_LOG_DIR` | | | `/var/log/kms` |
| `RANGER_KMS_PID_DIR_PATH` | | | `/var/run/ranger_kms` |
| `RANGER_KMS_DIR` | | | `$PWD` |
| `RANGER_KMS_APP_HOME` | | | `$PWD/ews/webapp` |
| `RANGER_KMS_TMPFILE` | | | `$PWD/.fi_tmp` |
| `RANGER_KMS_LOGFILE` | | | `$PWD/logfile` |
| `RANGER_KMS_MYSQL_CORE_FILE` | | | `db/mysql/kms_core_db.sql` |
| `RANGER_KMS_ORACLE_CORE_FILE` | | | `db/oracle/kms_core_db_oracle.sql` |
| `RANGER_KMS_POSTGRES_CORE_FILE` | | | `db/postgres/kms_core_db_postgres.sql` |
| `RANGER_KMS_SQLSERVER_CORE_FILE` | | | `db/sqlserver/kms_core_db_sqlserver.sql` |
| `RANGER_KMS_SQLANYWHERE_CORE_FILE` | | | `db/sqlanywhere/kms_core_db_sqlanywhere.sql` |
| `RANGER_KMS_CRED_KEYSTORE_FILENAME` | | | `localjceks://file$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks` |
| `RANGER_KMS_BLACKLIST_DECRYPT_EEK` | | | `hdfs` |
| `RANGER_KMS_HOST_NAME` | | | `ranger-kms` |
| `RANGER_KMS_EXTERNAL_HTTP_PORT` | Property to change the default port number for a secured Ranger KMS. | | `9494` |
| `RANGER_KMS_EXTERNAL_HTTPS_PORT` | Property to change the default port number for a secured Ranger KMS. | | `9393` |
| `RANGER_KMS_SSL_SELF_SIGNED` | | | `TRUE` |
| `RANGER_KMS_SSL_KEYSTORE_FILE_PATH` | | | `/etc/ranger/kms/conf/{{RANGER_PLUGIN_KEYSTORE_FILENAME}}` |
| `RANGER_KMS_SSL_TRUSTSTORE_FILE_PATH` | | | `/etc/ranger/kms/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}}` |
| `RANGER_KMS_KEYSTORE_ALIAS` | | | `ranger-kms-alias` |
| `RANGERKMS_PLUGIN_JCEKS_STOREPASS` | | | `none` |
| `RANGER_KMS_SSL_SIGNED_CERT_FORMAT` | | | `pem` |
| `RANGER_KMS_SSL_SIGNED_PKCS12_ALIAS` | | | `ranger-kms-alias` |
| `RANGER_KMS_SSL_SIGNED_PKCS12_FILE` | | | `ranger-kms.pkcs12` |
| `HSM_ENABLED` | | | `FALSE` |
| `HSM_PARTITION_NAME` | | | `par19` |
| `HSM_PARTITION_PASSWORD` | | | `<UPDATE_THIS_VALUE>` |
| `AZURE_KEYVAULT_ENABLED` | | | `FALSE` |
| `AZURE_KEYVAULT_SSL_ENABLED` | | | `FALSE` |
| `AZURE_KEYVAULT_CLIENT_ID` | | | `None` |
| `AZURE_KEYVAULT_CLIENT_SECRET` | | | `None` |
| `AZURE_KEYVAULT_CERTIFICATE_PATH` | | | `None` |
| `AZURE_KEYVAULT_CERTIFICATE_PASSWORD` | | | `None` |
| `AZURE_KEYVAULT_MASTERKEY_NAME` | | | `RangerMasterKey` |
| `AZURE_KEYVAULT_MASTER_KEY_TYPE` | | | `RSA` |
| `AZURE_KEYVAULT_ZONE_KEY_ENCRYPTION_ALGO` | | | `RSA_OAEP` |
| `AZURE_KEYVAULT_URL` | | | `None` |
| `AZURE_KEYVAULT_CERT_FILE` | | | `None` |
| `RANGER_KMS_SECRETS_FILE` | | | `/opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/ranger-kms{{GLOBAL_SECRETS_FILE_SUFFIX}}` |
| `RANGER_KMS_K8S_PVC_NAME` | | | `{{K8S_NAMESPACE}}-ranger-kms-pvc` |
| `RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB` | | | `1024` |
| `RANGER_KMS_K8S_PVC_STORAGE_SIZE` | | | `{{RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB}}M` |
| `RANGER_KMS_K8S_SC_NAME` | | | `{{K8S_NAMESPACE}}-store-privacera-ranger-kms` |
| `RANGER_KMS_K8S_LOADBALANCER_EXTERNAL` | | | `FALSE` |
| `RANGER_KMS_HEAP_MIN_MEMORY_MB` | Minimum Java heap memory in MB used by Ranger KMS. | | `1024` |
| `RANGER_KMS_HEAP_MIN_MEMORY` | | | `{{ RANGER_KMS_HEAP_MIN_MEMORY_MB }}m` |
| `RANGER_KMS_HEAP_MAX_MEMORY_MB` | Maximum Java heap memory in MB used by Ranger KMS. | | `1024` |
| `RANGER_KMS_HEAP_MAX_MEMORY` | | | `{{ RANGER_KMS_HEAP_MAX_MEMORY_MB }}m` |
| `RANGER_KMS_K8S_MEM_REQUESTS` | | | `{{ RANGER_KMS_K8S_MEM_REQUESTS_MB }}M` |
| `RANGER_KMS_K8S_MEM_LIMITS` | | | `{{ RANGER_KMS_K8S_MEM_LIMITS_MB }}M` |

Last update: September 23, 2021