in src/kudu/ranger-kms/mini_ranger_kms_configs.h [162:374]
// Renders the Ranger KMS dbks-site XML document from a fixed template.
//
// Placeholders filled in by strings::Substitute():
//   $0 = pg_host    host part of the PostgreSQL JDBC URL
//   $1 = pg_port    port part of the PostgreSQL JDBC URL
//   $2 = pg_driver  value of ranger.ks.jdbc.sqlconnectorjar
//   $3 = host       host component of the rangerkms/<host>@KRBTEST.COM principal
//   $4 = keytab     value of ranger.ks.kerberos.keytab
//
// Returns the complete XML text as a std::string.
//
// Security notes for maintainers:
//  * Every secret in the template is a literal: the master-key encryption
//    password, the fixed salt, and the keysecure login password. The file name
//    (mini_ranger_kms_configs.h) suggests these are test-fixture values; treat
//    them as public and never copy them into a real deployment.
//  * The master key is protected with PBEWithMD5AndDES at 1000 iterations.
//    That is a legacy password-based scheme and should not be taken as a
//    recommended setting outside of this fixture.
//  * Database transport security is switched off (ranger.ks.db.ssl.enabled,
//    .required and .verifyServerCertificate are all "false") and the JDBC
//    password is empty, so this configuration presumably relies on the
//    database being reachable only by the local test process -- confirm
//    against the code that starts PostgreSQL.
//  * No XML escaping is applied in this function; arguments are placed into
//    the document as given, so callers should pass values without XML
//    metacharacters.
//  * A literal '$' added to the template later would have to be written as
//    "$$", since Substitute() treats '$' as the placeholder introducer.
inline std::string GetRangerKMSDbksSiteXml(const std::string& pg_host,
                                           const uint16_t pg_port,
                                           const std::string& pg_driver,
                                           const std::string& host,
                                           const std::string& keytab) {
  // The raw string is emitted as-is; its contents are runtime data, so
  // nothing inside the delimiters may be reformatted.
  static constexpr char kDbksSiteTemplate[] = R"(
<configuration>
<property>
<name>hadoop.kms.blacklist.DECRYPT_EEK</name>
<value>hdfs</value>
<description>
Blacklist for decrypt EncryptedKey
CryptoExtension operations
</description>
</property>
<property>
<name>ranger.db.encrypt.key.password</name>
<value>Str0ngPassw0rd</value>
<description>
Password used for encrypting Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.cipher</name>
<value>AES</value>
<description>
Cipher used for encrypting Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.size</name>
<value>256</value>
<description>
Size of masterkey
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.salt.size</name>
<value>8</value>
<description>
Salt size to encrypt Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.salt</name>
<value>abcdefghijklmnopqrstuvwxyz01234567890</value>
<description>
Salt to encrypt Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.iteration.count</name>
<value>1000</value>
<description>
Iteration count to encrypt Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.encryption.algorithm</name>
<value>PBEWithMD5AndDES</value>
<description>
Algorithm to encrypt Master Key
</description>
</property>
<property>
<name>ranger.kms.service.masterkey.password.md.algorithm</name>
<value>SHA</value>
<description>
Message Digest algorithn to encrypt Master Key
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.url</name>
<value>jdbc:postgresql://$0:$1/rangerkms</value>
<description>
URL for Database
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.user</name>
<value>rangerkms</value>
<description>
Database username used for operation
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.password</name>
<value></value>
<description>
Database user's password
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.credential.provider.path</name>
<value>/root/ranger-2.1.0-kms/ews/webapp/WEB-INF/classes/conf/.jceks/rangerkms.jceks</value>
<description>
Credential provider path
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.credential.alias</name>
<value>ranger.ks.jpa.jdbc.credential.alias</value>
<description>
Credential alias used for password
</description>
</property>
<property>
<name>ranger.ks.masterkey.credential.alias</name>
<value>ranger.ks.masterkey.password</value>
<description>
Credential alias used for masterkey
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.dialect</name>
<value>org.eclipse.persistence.platform.database.PostgreSQLPlatform</value>
<description>
Dialect used for database
</description>
</property>
<property>
<name>ranger.ks.jpa.jdbc.driver</name>
<value>org.postgresql.Driver</value>
<description>
Driver used for database
</description>
</property>
<property>
<name>ranger.ks.jdbc.sqlconnectorjar</name>
<value>$2</value>
<description>
Driver used for database
</description>
</property>
<property>
<name>ranger.ks.kerberos.principal</name>
<value>rangerkms/$3@KRBTEST.COM</value>
</property>
<property>
<name>ranger.ks.kerberos.keytab</name>
<value>$4</value>
</property>
<property>
<name>ranger.kms.keysecure.enabled</name>
<value>false</value>
<description />
</property>
<property>
<name>ranger.kms.keysecure.UserPassword.Authentication</name>
<value>true</value>
<description />
</property>
<property>
<name>ranger.kms.keysecure.masterkey.name</name>
<value>safenetmasterkey</value>
<description>Safenet key secure master key name</description>
</property>
<property>
<name>ranger.kms.keysecure.login.username</name>
<value>user1</value>
<description>Safenet key secure username</description>
</property>
<property>
<name>ranger.kms.keysecure.login.password</name>
<value>t1e2s3t4</value>
<description>Safenet key secure user password</description>
</property>
<property>
<name>ranger.kms.keysecure.login.password.alias</name>
<value>ranger.ks.login.password</value>
<description>Safenet key secure user password</description>
</property>
<property>
<name>ranger.kms.keysecure.hostname</name>
<value>SunPKCS11-keysecurehn</value>
<description>Safenet key secure hostname</description>
</property>
<property>
<name>ranger.kms.keysecure.masterkey.size</name>
<value>256</value>
<description>key size</description>
</property>
<property>
<name>ranger.kms.keysecure.sunpkcs11.cfg.filepath</name>
<value>/opt/safenetConf/64/8.3.1/sunpkcs11.cfg</value>
<description>Location of Safenet key secure library configuration file</description>
</property>
<property>
<name>ranger.kms.keysecure.provider.type</name>
<value>SunPKCS11</value>
<description>Security Provider for key secure</description>
</property>
<property>
<name>ranger.ks.db.ssl.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.ks.db.ssl.required</name>
<value>false</value>
</property>
<property>
<name>ranger.ks.db.ssl.verifyServerCertificate</name>
<value>false</value>
</property>
<property>
<name>ranger.ks.db.ssl.auth.type</name>
<value>2-way</value>
</property>
</configuration>
)";

  // Argument order must stay aligned with the $0..$4 placeholders above.
  std::string rendered = strings::Substitute(
      kDbksSiteTemplate, pg_host, pg_port, pg_driver, host, keytab);
  return rendered;
}