Ranger KMS

The following table contains the list of custom properties that can be configured for Ranger KMS.

| Property | Description | Values | Default Value |
|---|---|---|---|
| RANGER_KMS_IMAGE_NAME | | | |
| RANGER_KMS_IMAGE_TAG | | | |
| RANGER_KMS_DB_HOST | | | |
| RANGER_KMS_DB_SSL_ENABLED | | | |
| RANGER_KMS_DB_SSL_REQUIRED | | | |
| RANGER_KMS_DB_SSL_VERIFY_CERT | | | |
| RANGER_KMS_DB_SSL_AUTH_TYPE | | | |
| RANGER_KMS_DB_ROOT_USER | | | |
| RANGER_KMS_DB_ROOT_PASSWORD | | | |
| RANGER_KMS_DB_NAME | | | |
| RANGER_KMS_DB_USER | | | |
| RANGER_KMS_DB_PASSWORD | | | |
| RANGER_KMS_HTTP_ENABLED | | | FALSE |
| RANGER_KMS_HTTPS_KEYSTORE_FILE | | | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/{{RANGER_KMS_SSL_KEYSTORE_FILENAME}} |
| RANGER_KMS_MASTER_KEY_PASSWORD | Sets the master key password for Ranger KMS. This password is used to encrypt the master key. If it is changed after the master key and zone key have been created, you will not be able to get the master key back, and retrieval of data using the zone key will also be impacted. Set it correctly the first time. | | Str0ngPassw0rd |
| RANGER_KMS_HSM_TYPE | | | LunaProvider |
| RANGER_KMS_HSM_ENABLED | | | FALSE |
| RANGER_KMS_HSM_PARTITION_NAME | | | par19 |
| RANGER_KMS_HSM_PARTITION_PASSWORD | | | <UPDATE_THIS_VALUE> |
| RANGER_KMS_KEYSECURE_ENABLED | | | |
| RANGER_KMS_KEYSECURE_USER_PASSWORD_AUTHENTICATION | | | |
| RANGER_KMS_KEYSECURE_MASTERKEY_NAME | | | |
| RANGER_KMS_KEYSECURE_USERNAME | | | |
| RANGER_KMS_KEYSECURE_PASSWORD | | | |
| RANGER_KMS_KEYSECURE_MASTER_KEY_SIZE | | | |
| RANGER_KMS_KEYSECURE_LIB_CONFIG_PATH | | | |
| RANGER_KMS_UNIX_USER | | | kms |
| RANGER_KMS_UNIX_USER_PWD | | | kms |
| RANGER_KMS_UNIX_GROUP | | | kms |
| RANGER_KMS_REPOSITORY_NAME | | | privacera_kms |
| RANGER_KMS_XAAUDIT_SUMMARY_ENABLE | | | FALSE |
| RANGER_KMS_XAAUDIT_SOLR_ENABLE | | | TRUE |
| RANGER_KMS_XAAUDIT_SOLR_URL | | | |
| RANGER_KMS_XAAUDIT_SOLR_USER | | | |
| RANGER_KMS_XAAUDIT_SOLR_PASSWORD | | | |
| RANGER_KMS_XAAUDIT_SOLR_ZOOKEEPER | | | NONE |
| RANGER_KMS_XAAUDIT_SOLR_FILE_SPOOL_DIR | | | /var/log/ranger/kms/audit/solr/spool |
| RANGER_KMS_LOG_DIR | | | /var/log/kms |
| RANGER_KMS_PID_DIR_PATH | | | /var/run/ranger_kms |
| RANGER_KMS_DIR | | | $PWD |
| RANGER_KMS_APP_HOME | | | $PWD/ews/webapp |
| RANGER_KMS_TMPFILE | | | $PWD/.fi_tmp |
| RANGER_KMS_LOGFILE | | | $PWD/logfile |
| RANGER_KMS_MYSQL_CORE_FILE | | | db/mysql/kms_core_db.sql |
| RANGER_KMS_ORACLE_CORE_FILE | | | db/oracle/kms_core_db_oracle.sql |
| RANGER_KMS_POSTGRES_CORE_FILE | | | db/postgres/kms_core_db_postgres.sql |
| RANGER_KMS_SQLSERVER_CORE_FILE | | | db/sqlserver/kms_core_db_sqlserver.sql |
| RANGER_KMS_SQLANYWHERE_CORE_FILE | | | db/sqlanywhere/kms_core_db_sqlanywhere.sql |
| RANGER_KMS_CRED_KEYSTORE_FILENAME | | | localjceks://file$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks |
| RANGER_KMS_BLACKLIST_DECRYPT_EEK | | | hdfs |
| CRYPTO_RANGER_ENABLE | | | |
| RANGER_KMS_HOST_NAME | | | ranger-kms |
| RANGER_KMS_PORT | | | |
| RANGER_KMS_EXTERNAL_HTTP_PORT | Property to change the default port number for a secured Ranger KMS. | | 9494 |
| RANGER_KMS_EXTERNAL_HTTPS_PORT | Property to change the default port number for a secured Ranger KMS. | | 9393 |
| RANGER_KMS_URL | | | |
| RANGER_KMS_SSL_ENABLE | | | |
| RANGER_KMS_SSL_SELF_SIGNED | | | TRUE |
| RANGER_KMS_SSL_KEYSTORE_FILE_PATH | | | /etc/ranger/kms/conf/{{RANGER_PLUGIN_KEYSTORE_FILENAME}} |
| RANGER_KMS_PLUGIN_SSL_KEYSTORE_PASSWORD | | | |
| RANGER_KMS_SSL_KEYSTORETYPE | | | |
| RANGER_KMS_SSL_KEYSTORE_FILENAME | | | |
| RANGER_KMS_SSL_KEYSTORE_PASSWORD | | | |
| RANGER_KMS_SSL_TRUSTSTORE_FILE_PATH | | | /etc/ranger/kms/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}} |
| RANGER_KMS_SSL_TRUSTSTORE_PASSWORD | | | |
| RANGER_KMS_KEYSTORE_PASSWORD | | | |
| RANGER_KMS_TRUSTSTORE_PASSWORD | | | |
| RANGER_KMS_KEYSTORE_ALIAS | | | ranger-kms-alias |
| RANGERKMS_PLUGIN_JCEKS_STOREPASS | | | none |
| RANGER_KMS_SSL_SIGNED_PEM_FULL_CHAIN | | | |
| RANGER_KMS_SSL_SIGNED_PEM_PRIVATE_KEY | | | |
| RANGER_KMS_SSL_PKCS12_PASSWORD | | | |
| RANGER_KMS_SSL_SIGNED_CERT_FORMAT | | | pem |
| RANGER_KMS_SSL_SIGNED_PKCS12_ALIAS | | | ranger-kms-alias |
| RANGER_KMS_SSL_SIGNED_PKCS12_FILE | | | ranger-kms.pkcs12 |
| HSM_ENABLED | | | FALSE |
| HSM_PARTITION_NAME | | | par19 |
| HSM_PARTITION_PASSWORD | | | <UPDATE_THIS_VALUE> |
| AZURE_KEYVAULT_ENABLED | | | FALSE |
| AZURE_KEYVAULT_SSL_ENABLED | | | FALSE |
| AZURE_KEYVAULT_CLIENT_ID | | | None |
| AZURE_KEYVAULT_CLIENT_SECRET | | | None |
| AZURE_KEYVAULT_CERTIFICATE_PATH | | | None |
| AZURE_KEYVAULT_CERTIFICATE_PASSWORD | | | None |
| AZURE_KEYVAULT_MASTERKEY_NAME | | | RangerMasterKey |
| AZURE_KEYVAULT_MASTER_KEY_TYPE | | | RSA |
| AZURE_KEYVAULT_ZONE_KEY_ENCRYPTION_ALGO | | | RSA_OAEP |
| AZURE_KEYVAULT_URL | | | None |
| AZURE_KEYVAULT_CERT_FILE | | | None |
| RANGER_KMS_ENCRYPT_SECRETS | | | |
| RANGER_KMS_SECRETS_FILE | | | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/ranger-kms{{GLOBAL_SECRETS_FILE_SUFFIX}} |
| RANGER_KMS_SECRETS_KEYSTORE_PASSWORD | | | |
| RANGER_KMS_SECRETS_KEYPREFIX | | | |
| RANGER_KMS_ENCRYPT_PROPS_LIST | | | |
| RANGER_KMS_K8S_PVC_NAME | | | {{K8S_NAMESPACE}}-ranger-kms-pvc |
| RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB | | | 1024 |
| RANGER_KMS_K8S_PVC_STORAGE_SIZE | | | {{RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB}}M |
| RANGER_KMS_K8S_STORAGE_PROVISIONER | | | |
| RANGER_KMS_K8S_SC_NAME | | | {{K8S_NAMESPACE}}-store-privacera-ranger-kms |
| RANGER_KMS_K8S_PV_ENCRYPTED | | | |
| RANGER_KMS_K8S_PV_KEY | | | |
| RANGER_KMS_K8S_LOADBALANCER_EXTERNAL | | | FALSE |
| RANGER_KMS_K8S_ANNOTATION_LOADBALANCER_ANNOTATION | | | |
| RANGER_KMS_HEAP_MIN_MEMORY_MB | Minimum Java Heap memory in MB used by Ranger KMS. | | 1024 |
| RANGER_KMS_HEAP_MIN_MEMORY | | | {{ RANGER_KMS_HEAP_MIN_MEMORY_MB }}m |
| RANGER_KMS_HEAP_MAX_MEMORY_MB | Maximum Java Heap memory in MB used by Ranger KMS. | | 1024 |
| RANGER_KMS_HEAP_MAX_MEMORY | | | {{ RANGER_KMS_HEAP_MAX_MEMORY_MB }}m |
| RANGER_KMS_K8S_MEM_REQUESTS_MB | | | |
| RANGER_KMS_K8S_MEM_LIMITS | | | {{ RANGER_KMS_K8S_MEM_LIMITS_MB }}M |
| RANGER_KMS_CPU_MIN | | | |
| RANGER_KMS_CPU_MAX | | | |
| RANGER_KMS_K8S_CPU_REQUESTS | | | |
| RANGER_KMS_K8S_CPU_LIMITS | | | |