| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <configuration> |
| |
| <!-- Blacklist for authorization --> |
| |
| <property> |
| <name>hadoop.kms.blacklist.DECRYPT_EEK</name> |
| <value>hdfs</value> |
| <description> |
| Blacklist for decrypt EncryptedKey |
| CryptoExtension operations |
| </description> |
| </property> |
| |
| <!-- Encryption key Password --> |
| |
| <property> |
| <name>ranger.db.encrypt.key.password</name> |
| <value>Str0ngPassw0rd</value> |
| <description> |
| Password used for encrypting Master Key |
| </description> |
| </property> |
| |
| <!-- db Details --> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.url</name> |
| <value>jdbc:log4jdbc:mysql://localhost:3306/rangerkms</value> |
| <description> |
| URL for Database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.user</name> |
| <value>kmsadmin</value> |
| <description> |
| Database username used for operation |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.password</name> |
| <value>kmsadmin</value> |
| <description> |
| Database user's password |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.credential.provider.path</name> |
| <value>/tmp/kms.jceks</value> |
| <description> |
| Credential provider path |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.credential.alias</name> |
| <value>ranger.ks.jdbc.password</value> |
| <description> |
| Credential alias used for password |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.masterkey.credential.alias</name> |
| <value>ranger.ks.masterkey.password</value> |
| <description> |
| Credential alias used for masterkey |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.dialect</name> |
| <value>org.eclipse.persistence.platform.database.MySQLPlatform</value> |
| <description> |
| Dialect used for database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jpa.jdbc.driver</name> |
| <value>net.sf.log4jdbc.DriverSpy</value> |
| <description> |
| Driver used for database |
| </description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.jdbc.sqlconnectorjar</name> |
| <value>/usr/share/java/mysql-connector-java.jar</value> |
| <description> |
| Driver used for database |
| </description> |
| </property> |
| |
| <!-- Ranger KMS Kerberos Config --> |
| <property> |
| <name>ranger.ks.kerberos.principal</name> |
| <value>rangerkms/_HOST@REALM</value> |
| </property> |
| |
| <property> |
| <name>ranger.ks.kerberos.keytab</name> |
| <value></value> |
| </property> |
| |
| <!-- Key-Secure Config START--> |
| |
| <property> |
| <name>ranger.kms.keysecure.enabled</name> |
| <value>false</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.kms.keysecure.UserPassword.Authentication</name> |
| <value>true</value> |
| <description></description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.masterkey.name</name> |
| <value>safenetmasterkey</value> |
| <description>Safenet key secure master key name</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.login.username</name> |
| <value>user1</value> |
| <description>Safenet key secure username</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.login.password</name> |
| <value>t1e2s3t4</value> |
| <description>Safenet key secure user password</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.login.password.alias</name> |
| <value>ranger.ks.login.password</value> |
| <description>Safenet key secure user password</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.hostname</name> |
| <value>SunPKCS11-keysecurehn</value> |
| <description>Safenet key secure hostname</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.masterkey.size</name> |
| <value>256</value> |
| <description>key size</description> |
| </property> |
| <property> |
| <name>ranger.kms.keysecure.sunpkcs11.cfg.filepath</name> |
| <value>/opt/safenetConf/64/8.3.1/sunpkcs11.cfg</value> |
| <description>Location of Safenet key secure library configuration file</description> |
| </property> |
| |
| <!-- Key-Secure Config END--> |
| |
| <!-- HSM Config --> |
| <property> |
| <name>ranger.ks.hsm.type</name> |
| <value>LunaProvider</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.enabled</name> |
| <value>false</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.name</name> |
| <value></value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.password</name> |
| <value></value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.hsm.partition.password.alias</name> |
| <value>ranger.kms.hsm.partition.password</value> |
| <description></description> |
| </property> |
| |
| <property> |
| <name>ranger.ks.db.ssl.enabled</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.required</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.verifyServerCertificate</name> |
| <value>false</value> |
| </property> |
| <property> |
| <name>ranger.ks.db.ssl.auth.type</name> |
| <value>2-way</value> |
| </property> |
| </configuration> |