Privacera Documentation

Migrate Ranger KMS master key on Privacera Platform

The following steps will migrate the master key of Ranger KMS from its database to the Azure Key Vault.

  1. Run the following commands to enter the Ranger KMS shell:

    • Docker shell

      cd /home/ec2-user/privacera/docker
      ./privacera_services shell ranger-kms
    • Kubernetes shell

      Replace <NAMESPACE> with your namespace and <ranger_kms_pod_name> with the name of the Ranger KMS pod listed by the first command.

      kubectl get pods -n <NAMESPACE>
      kubectl exec -it <ranger_kms_pod_name> -n <NAMESPACE> -- bash
  2. Run the migration script with the following command:

    bash DBMKTOAZUREKEYVAULT.sh <azureMasterKeyName> <azureMasterKeyType> \
      <zoneKeyEncryptionAlgo> <azureKeyVaultUrl> <azureClientId> <isSSLEnabled:true/false> \
      <clientSecret / Certificate Path>

    | Parameter | Description |
    |---|---|
    | <azureMasterKeyName> | Name of the Master Key you want to migrate. |
    | <azureMasterKeyType> | Type of the Master Key. For example: RSA |
    | <zoneKeyEncryptionAlgo> | Encryption algorithm used in the Master Key. For example: RSA_OAEP |
    | <azureKeyVaultUrl> | Azure Key Vault URL. |
    | <azureClientId> | Azure Client ID. |
    | <isSSLEnabled:true/false> | Enable SSL. For example: true |
    | <clientSecret / Certificate Path> | If the authentication is done without SSL enabled, get the client secret. If the authentication is done with SSL enabled, get the certificate secret. |
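
As an added example (not part of the Privacera documentation or its scripts), the following shell functions check the seven arguments described above before the migration script is called, and prompt for the client secret instead of taking it on the command line. The function names and the individual checks, including the assumption that the client ID is a GUID, are illustrative.

```shell
# Added example (not Privacera code). Function names and the specific checks are
# assumptions; only the argument order comes from the syntax shown above.

# check_migration_args <keyName> <keyType> <algo> <vaultUrl> <clientId> <ssl> <secretOrCert>
# Prints each problem to stderr; returns 0 if all checks pass, 1 otherwise.
check_migration_args() {
  local rc guid
  if [ "$#" -ne 7 ]; then
    echo "expected 7 arguments, got $#" >&2; return 1
  fi
  rc=0
  guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    echo "key name, key type and algorithm must be non-empty" >&2; rc=1
  fi
  # Refuse plain http so the vault credentials are never sent in clear text.
  case $4 in
    https://?*) ;;
    *) echo "vault URL must start with https://" >&2; rc=1 ;;
  esac
  # Assumption: the client ID is an Azure application (client) ID, i.e. a GUID.
  if ! printf '%s\n' "$5" | grep -Eq "$guid"; then
    echo "client ID is not a GUID" >&2; rc=1
  fi
  case $6 in
    true)  # last argument is a certificate path
      [ -f "$7" ] && [ -r "$7" ] || { echo "certificate not readable: $7" >&2; rc=1; } ;;
    false) # last argument is the client secret itself
      [ -n "$7" ] || { echo "client secret is empty" >&2; rc=1; } ;;
    *) echo "isSSLEnabled must be true or false" >&2; rc=1 ;;
  esac
  return "$rc"
}

# run_migration <keyName> <keyType> <algo> <vaultUrl> <clientId> <ssl> [certPath]
# With ssl=false the secret is prompted for without echo, so it is not typed
# on the command line and does not land in shell history.
run_migration() {
  local cred
  cred=${7-}
  if [ "${6-}" = false ]; then
    printf 'Client secret: ' >&2
    stty -echo; IFS= read -r cred; stty echo; echo >&2
  fi
  check_migration_args "${1-}" "${2-}" "${3-}" "${4-}" "${5-}" "${6-}" "$cred" || return 1
  bash DBMKTOAZUREKEYVAULT.sh "$1" "$2" "$3" "$4" "$5" "$6" "$cred"
}
```

Because the script takes the secret as an argument, it is still visible in the process list inside the Ranger KMS shell while the migration runs.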