Updating a Key
Scenario
After a KMS key is created, you can use the key to encrypt the HDFS partitions. To ensure data security, the administrator can periodically update the key manually or automatically.
Prerequisites
- The KMS service has been installed and is running properly. It has been interconnected with a third-party KMS server.
- A key has been created.
Procedure
Manually updating a key
- Log in to FusionInsight Manager of the cluster where the KMS service is located.
- Choose Cluster > Name of the desired cluster > Services > KMS. The KMS service page is displayed.
- Choose More > Roll Over All Keys. In the Verify Identity dialog box, enter the administrator password and click OK.
- In the Roll Over All Keys dialog box that is displayed, click OK. The system starts to update the key. Wait until the operation is complete.
Automatically updating a key
- Log in to FusionInsight Manager of the cluster where the KMS service is located.
- Choose Cluster > Name of the desired cluster > Services > KMS > Configurations > All Configurations. The KMS service configuration page is displayed.
- In the navigation tree on the left, choose KMS > Rollover.
- Modify related parameters as required to set automatic key update. Table 1 describes the parameters.
Table 1 Parameters for automatically updating a key

| Parameter | Default Value | Description |
| --- | --- | --- |
| kms.auto.key-rollover.enabled | true | Indicates whether to enable automatic key update for KMS. |
| kms.auto.key-rollover.cron.expression | 0 1 * * 6 | CRON expression used by KMS to automatically update a key. This expression is used to control the start time of automatic key update. This parameter is valid only when kms.auto.rollover-key.enabled is set to true. The default value is 0 1 * * 6, indicating that the task is executed at 01:00 every Saturday. |
| kms.auto.key-rollover.keys.list | ALL_KEYS | List of keys that are automatically updated by KMS. Multiple keys are separated by commas (,). If this parameter is set to ALL_KEYS, all keys are automatically updated. This parameter is valid only when kms.auto.rollover-key.enabled is set to true. |
After the key is updated, choose O&M > Alarm > Events to view the key update details.
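Before saving a changed CRON expression, it helps to confirm when the rollover will actually start. The following Python sketch is an added example, not part of FusionInsight or KMS: it expands a 5-field expression and lists the next start times. It assumes standard cron field order and syntax, treats timestamps as the KMS server's local time, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Assumption: standard 5-field cron order (minute hour day-of-month month day-of-week),
# which matches the page's reading of "0 1 * * 6" as 01:00 every Saturday.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("dom", 1, 31), ("month", 1, 12), ("dow", 0, 6)]

def parse_field(text, lo, hi):
    """Expand one cron field ('*', 'a', 'a-b', '*/n', 'a-b/n', comma lists) to a set of ints."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"field {text!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values

def parse_cron(expr):
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}")
    return {name: parse_field(p, lo, hi) for p, (name, lo, hi) in zip(parts, FIELDS)}

def next_runs(expr, after, count=3):
    """Next start times after 'after'. Simplification: day fields are ANDed together."""
    spec = parse_cron(expr)
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    runs, limit = [], t + timedelta(days=4 * 366)
    while len(runs) < count and t < limit:
        dow = (t.weekday() + 1) % 7  # cron numbering: 0 = Sunday ... 6 = Saturday
        if (t.minute in spec["minute"] and t.hour in spec["hour"] and t.day in spec["dom"]
                and t.month in spec["month"] and dow in spec["dow"]):
            runs.append(t)
        t += timedelta(minutes=1)
    return runs

def planned_rollovers(cfg, after, count=3):
    """Upcoming automatic rollovers for a dict of Table 1 parameters (defaults from Table 1)."""
    if cfg.get("kms.auto.key-rollover.enabled", "true").lower() != "true":
        return []  # automatic update disabled, so the CRON expression has no effect
    return next_runs(cfg.get("kms.auto.key-rollover.cron.expression", "0 1 * * 6"), after, count)
```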