Privacera Documentation

System-level settings for Ranger KMS on Privacera Platform

The following table contains the list of custom properties that can be configured for Ranger KMS.

| Property | Description | Values / Default Value |
| --- | --- | --- |
| RANGER_KMS_IMAGE_NAME | | |
| RANGER_KMS_IMAGE_TAG | | |
| RANGER_KMS_DB_HOST | | |
| RANGER_KMS_DB_SSL_ENABLED | | |
| RANGER_KMS_DB_SSL_REQUIRED | | |
| RANGER_KMS_DB_SSL_VERIFY_CERT | | |
| RANGER_KMS_DB_SSL_AUTH_TYPE | | |
| RANGER_KMS_DB_ROOT_USER | | |
| RANGER_KMS_DB_ROOT_PASSWORD | | |
| RANGER_KMS_DB_NAME | | |
| RANGER_KMS_DB_USER | | |
| RANGER_KMS_DB_PASSWORD | | |
| RANGER_KMS_HTTP_ENABLED | | FALSE |
| RANGER_KMS_HTTPS_KEYSTORE_FILE | | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/{{RANGER_KMS_SSL_KEYSTORE_FILENAME}} |
| RANGER_KMS_MASTER_KEY_PASSWORD | Property to set the master key password for Ranger KMS. This is the password used to encrypt the master key. If this password is changed after the master key and zone key have been created, you will not be able to get the master key back, and retrieval of data using the zone key will also be affected. Set it correctly the first time. | Str0ngPassw0rd |
| RANGER_KMS_HSM_TYPE | | LunaProvider |
| RANGER_KMS_HSM_ENABLED | | FALSE |
| RANGER_KMS_HSM_PARTITION_NAME | | par19 |
| RANGER_KMS_HSM_PARTITION_PASSWORD | | <UPDATE_THIS_VALUE> |
| RANGER_KMS_KEYSECURE_ENABLED | | |
| RANGER_KMS_KEYSECURE_USER_PASSWORD_AUTHENTICATION | | |
| RANGER_KMS_KEYSECURE_MASTERKEY_NAME | | |
| RANGER_KMS_KEYSECURE_USERNAME | | |
| RANGER_KMS_KEYSECURE_PASSWORD | | |
| RANGER_KMS_KEYSECURE_MASTER_KEY_SIZE | | |
| RANGER_KMS_KEYSECURE_LIB_CONFIG_PATH | | |
| RANGER_KMS_UNIX_USER | | kms |
| RANGER_KMS_UNIX_USER_PWD | | kms |
| RANGER_KMS_UNIX_GROUP | | kms |
| RANGER_KMS_REPOSITORY_NAME | | privacera_kms |
| RANGER_KMS_XAAUDIT_SUMMARY_ENABLE | | FALSE |
| RANGER_KMS_XAAUDIT_SOLR_ENABLE | | TRUE |
| RANGER_KMS_XAAUDIT_SOLR_URL | | |
| RANGER_KMS_XAAUDIT_SOLR_USER | | |
| RANGER_KMS_XAAUDIT_SOLR_PASSWORD | | |
| RANGER_KMS_XAAUDIT_SOLR_ZOOKEEPER | | NONE |
| RANGER_KMS_XAAUDIT_SOLR_FILE_SPOOL_DIR | | /var/log/ranger/kms/audit/solr/spool |
| RANGER_KMS_LOG_DIR | | /var/log/kms |
| RANGER_KMS_PID_DIR_PATH | | /var/run/ranger_kms |
| RANGER_KMS_DIR | | $PWD |
| RANGER_KMS_APP_HOME | | $PWD/ews/webapp |
| RANGER_KMS_TMPFILE | | $PWD/.fi_tmp |
| RANGER_KMS_LOGFILE | | $PWD/logfile |
| RANGER_KMS_MYSQL_CORE_FILE | | db/mysql/kms_core_db.sql |
| RANGER_KMS_ORACLE_CORE_FILE | | db/oracle/kms_core_db_oracle.sql |
| RANGER_KMS_POSTGRES_CORE_FILE | | db/postgres/kms_core_db_postgres.sql |
| RANGER_KMS_SQLSERVER_CORE_FILE | | db/sqlserver/kms_core_db_sqlserver.sql |
| RANGER_KMS_SQLANYWHERE_CORE_FILE | | db/sqlanywhere/kms_core_db_sqlanywhere.sql |
| RANGER_KMS_CRED_KEYSTORE_FILENAME | | localjceks://file$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks |
| RANGER_KMS_BLACKLIST_DECRYPT_EEK | | hdfs |
| CRYPTO_RANGER_ENABLE | | |
| RANGER_KMS_HOST_NAME | | ranger-kms |
| RANGER_KMS_PORT | | |
| RANGER_KMS_EXTERNAL_HTTP_PORT | Property to change the default port number for a secured Ranger KMS. | 9494 |
| RANGER_KMS_EXTERNAL_HTTPS_PORT | Property to change the default port number for a secured Ranger KMS. | 9393 |
| RANGER_KMS_URL | | |
| RANGER_KMS_SSL_ENABLE | | |
| RANGER_KMS_SSL_SELF_SIGNED | | TRUE |
| RANGER_KMS_SSL_KEYSTORE_FILE_PATH | | /etc/ranger/kms/conf/{{RANGER_PLUGIN_KEYSTORE_FILENAME}} |
| RANGER_KMS_PLUGIN_SSL_KEYSTORE_PASSWORD | | |
| RANGER_KMS_SSL_KEYSTORETYPE | | |
| RANGER_KMS_SSL_KEYSTORE_FILENAME | | |
| RANGER_KMS_SSL_KEYSTORE_PASSWORD | | |
| RANGER_KMS_SSL_TRUSTSTORE_FILE_PATH | | /etc/ranger/kms/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}} |
| RANGER_KMS_SSL_TRUSTSTORE_PASSWORD | | |
| RANGER_KMS_KEYSTORE_PASSWORD | | |
| RANGER_KMS_TRUSTSTORE_PASSWORD | | |
| RANGER_KMS_KEYSTORE_ALIAS | | ranger-kms-alias |
| RANGERKMS_PLUGIN_JCEKS_STOREPASS | | none |
| RANGER_KMS_SSL_SIGNED_PEM_FULL_CHAIN | | |
| RANGER_KMS_SSL_SIGNED_PEM_PRIVATE_KEY | | |
| RANGER_KMS_SSL_PKCS12_PASSWORD | | |
| RANGER_KMS_SSL_SIGNED_CERT_FORMAT | | pem |
| RANGER_KMS_SSL_SIGNED_PKCS12_ALIAS | | ranger-kms-alias |
| RANGER_KMS_SSL_SIGNED_PKCS12_FILE | | ranger-kms.pkcs12 |
| HSM_ENABLED | | FALSE |
| HSM_PARTITION_NAME | | par19 |
| HSM_PARTITION_PASSWORD | | <UPDATE_THIS_VALUE> |
| AZURE_KEYVAULT_ENABLED | | FALSE |
| AZURE_KEYVAULT_SSL_ENABLED | | FALSE |
| AZURE_KEYVAULT_CLIENT_ID | | None |
| AZURE_KEYVAULT_CLIENT_SECRET | | None |
| AZURE_KEYVAULT_CERTIFICATE_PATH | | None |
| AZURE_KEYVAULT_CERTIFICATE_PASSWORD | | None |
| AZURE_KEYVAULT_MASTERKEY_NAME | | RangerMasterKey |
| AZURE_KEYVAULT_MASTER_KEY_TYPE | | RSA |
| AZURE_KEYVAULT_ZONE_KEY_ENCRYPTION_ALGO | | RSA_OAEP |
| AZURE_KEYVAULT_URL | | None |
| AZURE_KEYVAULT_CERT_FILE | | None |
| RANGER_KMS_ENCRYPT_SECRETS | | |
| RANGER_KMS_SECRETS_FILE | | /opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/ranger-kms{{GLOBAL_SECRETS_FILE_SUFFIX}} |
| RANGER_KMS_SECRETS_KEYSTORE_PASSWORD | | |
| RANGER_KMS_SECRETS_KEYPREFIX | | |
| RANGER_KMS_ENCRYPT_PROPS_LIST | | |
| RANGER_KMS_K8S_PVC_NAME | | {{K8S_NAMESPACE}}-ranger-kms-pvc |
| RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB | | 1024 |
| RANGER_KMS_K8S_PVC_STORAGE_SIZE | | {{RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB}}M |
| RANGER_KMS_K8S_STORAGE_PROVISIONER | | |
| RANGER_KMS_K8S_SC_NAME | | {{K8S_NAMESPACE}}-store-privacera-ranger-kms |
| RANGER_KMS_K8S_PV_ENCRYPTED | | |
| RANGER_KMS_K8S_PV_KEY | | |
| RANGER_KMS_K8S_LOADBALANCER_EXTERNAL | | FALSE |
| RANGER_KMS_K8S_ANNOTATION_LOADBALANCER_ANNOTATION | | |
| RANGER_KMS_HEAP_MIN_MEMORY_MB | Minimum Java heap memory, in MB, used by Ranger KMS. | 1024 |
| RANGER_KMS_HEAP_MIN_MEMORY | | {{ RANGER_KMS_HEAP_MIN_MEMORY_MB }}m |
| RANGER_KMS_HEAP_MAX_MEMORY_MB | Maximum Java heap memory, in MB, used by Ranger KMS. | 1024 |
| RANGER_KMS_HEAP_MAX_MEMORY | | {{ RANGER_KMS_HEAP_MAX_MEMORY_MB }}m |
| RANGER_KMS_K8S_MEM_REQUESTS_MB | | |
| RANGER_KMS_K8S_MEM_LIMITS | | {{ RANGER_KMS_K8S_MEM_LIMITS_MB }}M |
| RANGER_KMS_CPU_MIN | | |
| RANGER_KMS_CPU_MAX | | |
| RANGER_KMS_K8S_CPU_REQUESTS | | |
| RANGER_KMS_K8S_CPU_LIMITS | | |