New Features in Key Trustee KMS

The following sections describe what's new in each Key Trustee KMS release.

What's New in Key Trustee KMS

What's New in Key Trustee KMS 5.16.0

There is a newly-documented feature that describes how to move a Key Trustee KMS proxy service role instance from an existing cluster host to another cluster host. For details, refer to Migrating a Key Trustee KMS Server Role Instance to a New Host.

What's New in Key Trustee KMS 5.15.0

There is a new feature that provides logic to detect and warn users about a potential problem where the GPG private keys have not been properly synchronized across all Key Trustee KMS HA hosts. For details, refer to Validating Private Key Synchronization (Key Trustee KMS HA Only), Enabling Key Trustee KMS High Availability, and Key Trustee KMS Encryption Issues.

What's New in Key Trustee KMS 5.14.0

There is a new procedure for migrating from a Key Trustee KMS (KT KMS) to a Hardware Security Module KMS (HSM KMS). For details, refer to Migrating from a Key Trustee KMS to an HSM KMS.

What's New in Key Trustee KMS 5.13.0

  • Re-encryption of encrypted data encryption keys (EDEKs), which ensures the automated re-encryption of all datafiles, and helps companies avoid the cost in time and resource of copying, decrypting, and re-encrypting datafiles. New, or re-encrypted key versions apply to datafiles previously encrypted by earlier key versions.
  • Support for RHEL 7.4
  • Support for OEL 7.4

What's New in Key Trustee KMS 5.12.0

  • The Key Trustee Parcel will no longer be released via archive.cloudera.com. The parcel will now be released via www.cloudera.com/downloads. Parcels already released on the archive site will continue to be available there.
  • Support for RHEL 6.9
  • Support for OEL 6.9

What's New in Key Trustee KMS 5.11.0

  • Support for SLES 12 SP2
  • Support for Ubuntu 16.04

What's New in Key Trustee KMS 5.10.0

  • Support for RHEL 7.3
  • Support for OEL 7.3

What's New in Key Trustee KMS 5.9.0

  • Support for RHEL 6.8
  • Support for OEL 6.8
  • Support for Debian 8.4
  • Support for SLES 12 SP1

What's New in Key Trustee KMS 5.8.2

What's New in Key Trustee KMS 5.8.0

  • Support for Debian 8.2
  • When adding the parcel-based Key Trustee KMS service for the first time, Cloudera Manager automatically backs up Key Trustee KMS locally. For more information, see 7. Add a Key Trustee KMS Service.
  • The Key Trustee KMS backup script (ktbackup.sh) adds a new option, --roll, which specifies the number of backups to retain. For more information, see Backing Up Key Trustee Server and Key Trustee KMS Using the ktbackup.sh Script.
  • When Key Trustee Server is configured for high availability, adding the Key Trustee KMS service in Cloudera Manager automatically configures round robin DNS load balancing.

What's New in Key Trustee KMS 5.7.4

What's New in Key Trustee KMS 5.7.1

What's New in Key Trustee KMS 5.7.0

What's New in Key Trustee KMS 5.5.4

What's New in Key Trustee KMS 5.5.0

  • Rolling restart works with Key Trustee KMS high availability.
  • When running Key Trustee KMS in a highly available configuration, Cloudera Manager can automatically generate the load balancer URL.

What's New in Key Trustee KMS 5.4.3