
Privacera Documentation

Certificate setup in Secrets Manager

AWS EMR Native Ranger requires mutual TLS between the Ranger plug-ins and the Privacera Ranger Admin. The TLS certificates for this must be stored in AWS Secrets Manager and provided in an EMR Security Configuration. Perform the following steps to complete the configuration:

Create two secrets in AWS Secrets Manager:

  1. Ranger Admin Public Cert

    1. Log in to the AWS Console, navigate to Secrets Manager, and then click Store a new secret.

    2. Select Other type of secrets as the secret type, and then go to the Plaintext tab.

    3. Go to your PrivaceraCloud account and navigate to Settings > ApiKey > AWS EMR Native Ranger Plugin > Ranger Admin Public Cert > Download Certificate.

    4. Add the contents of this certificate in the Plaintext tab.

    5. Select the encryption key as per your requirement.

    6. Click Next. Enter the Secret name. For example: ranger-admin-pub-cert

    7. Click Next. The Configure automatic rotation page is displayed. No action is required.

      Click Next.

    8. Review Secret details and click Store.

      The Secret is stored successfully.

  2. Ranger Client KeyPair

    1. Log in to the AWS Console, navigate to Secrets Manager, and then click Store a new secret.

    2. Select Other type of secrets as the secret type, and then go to the Plaintext tab.

    3. Go to your PrivaceraCloud account and navigate to Settings > ApiKey > AWS EMR Native Ranger Plugin > Ranger Client KeyPair > Download Certificate.

    4. Add the contents of this certificate in the Plaintext tab.

    5. Select the encryption key as per your requirement.

    6. Click Next. Enter the Secret name. For example: ranger-plugin-key-cert

    7. Click Next. The Configure automatic rotation page is displayed. No action is required.

      Click Next.

    8. Review Secret details and click Store.

      The Secret is stored successfully.
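
Before pasting each download into the Plaintext tab, it helps to confirm the file holds what the secret is meant to hold. The following check is an added example, not part of the Privacera documentation: it assumes both downloads are PEM-encoded and that the Ranger Client KeyPair file contains one private key together with its certificate. The function names and the `kind` values are hypothetical, and the sample data is constructed.

```python
import base64
import binascii
import re

# PEM block: BEGIN/END lines with a matching label and a base64 body between them.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_labels(text):
    """Return the labels of well-formed PEM blocks; raise ValueError on damage."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{label}: body is not valid base64") from exc
        labels.append(label)
    # A BEGIN line without a matching END usually means a truncated paste.
    if len(labels) != text.count("-----BEGIN "):
        raise ValueError("unterminated or mismatched PEM block")
    return labels

def check_secret(kind, text):
    """kind is 'admin-pub-cert' or 'client-keypair'. Returns a list of problems."""
    try:
        labels = pem_labels(text)
    except ValueError as exc:
        return [str(exc)]
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for lab in labels if lab.endswith("PRIVATE KEY"))
    problems = []
    if certs == 0:
        problems.append("no CERTIFICATE block found")
    if kind == "admin-pub-cert" and keys:
        problems.append("private key present in the public certificate secret")
    if kind == "client-keypair" and keys != 1:
        problems.append(f"expected exactly 1 private key block, found {keys}")
    return problems

# Constructed sample data: the base64 bodies are placeholders, not real DER.
_B64 = base64.b64encode(b"constructed placeholder bytes").decode()
SAMPLE_CERT = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = f"-----BEGIN PRIVATE KEY-----\n{_B64}\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_secret("admin-pub-cert", SAMPLE_CERT))
    print(check_secret("client-keypair", SAMPLE_KEY + SAMPLE_CERT))
```

The check is structural only: it does not parse the certificate or confirm that the key matches it.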