Installing Cloudera Navigator Key HSM

Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server.

With Navigator Key HSM, you can use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.

Prerequisites

You must install Key HSM on the same host as Key Trustee Server. See Data at Rest Encryption Requirements for more information about encryption and Key HSM requirements.

Installing Navigator Key HSM

  1. Install the Cloudera Repository
    Create or edit the /etc/yum.repos.d/gazzang.repo file (for example, sudo vi /etc/yum.repos.d/gazzang.repo) and add the following text. Replace USER and PASSWD with the username and password provided by Cloudera. If you do not know your username or password, contact your Cloudera account team.
    [gazzang_stable]
    name=RHEL $releasever - gazzang.com - base
    baseurl=https://USER:PASSWD@archive.gazzang.com/redhat/stable/$releasever
    enabled=1
    gpgcheck=1
    gpgkey=http://archive.gazzang.com/gpg_gazzang.asc
    Import the GPG key by running the following command:
    $ sudo rpm --import http://archive.gazzang.com/gpg_gazzang.asc
  2. Install Navigator Key HSM
    Install the Navigator Key HSM package using yum:
    $ sudo yum install keytrustee-keyhsm

    Cloudera Navigator Key HSM is installed to the /usr/share/keytrustee-server-keyhsm directory by default.