Effective Jan 31, 2021, all Cloudera software requires a subscription.




Recommended Hardware and Supported Distributions

The recommended minimum hardware specifications are as follows:

  • Processor: 2 GHz 64-bit quad core
  • Memory: 16 GB RAM
  • Storage: 40 GB on moderate- to high-performance disk drives

Key Trustee KMS supports the following Linux distributions:

  • RHEL and CentOS: 5.7, 5.10, 6.4, 6.5, 6.6, 6.7, 7.1
  • Oracle Enterprise Linux: 5.7, 5.10, 6.4, 6.5, 6.6, 6.7, 7.1
  • SLES: 11 SP2, 11 SP3
  • Debian: 7.1
  • Ubuntu: 12.04, 14.04

The Key Trustee KMS workload is CPU-intensive. Cloudera recommends using machines with capabilities equivalent to your NameNode hosts, with Intel CPUs that support AES-NI for optimum performance.


Issues Fixed in Key Trustee KMS 5.5.4

Key Trustee KMS configuration file and keys are stored in a volatile location

If the Key Trustee KMS 5.5.0 parcel is deactivated, any existing GPG keys are also deactivated. If the parcel is then reactivated, new GPG keys (used to create an authenticated and private communication channel with the Key Trustee Server) are generated. The existing GPG keys that were in use before the deactivation are not lost; however, they become inactive. If remedial action is not taken before deactivation, this can result in a loss of access to HDFS Encryption Zone keys generated with the older set of GPG keys. This in turn leads to loss of access to all data in all encryption zones. As long as the Key Trustee KMS parcel directory is not deleted, access can be restored. Assistance from Cloudera Support may be required. See TSB 2016-121 for more information (requires login to the Cloudera Support Portal).

KMS ACLs read from wrong file

The UNDELETE and PURGE ACL entries were being read from kms-site.xml instead of kms-acls.xml.


Related Downloads

Navigator Encrypt

Connects HDFS Encryption to Navigator Key Trustee Server for production-ready key storage.



Navigator Key Trustee Server

Enterprise-grade key management, storing keys for HDFS encryption and Navigator Encrypt. Required prerequisite for all 3 of the related encryption downloads.


Navigator Key HSM

Integrates Navigator Key Trustee with existing Hardware Security Modules (HSMs), providing an optional additional layer of security.


