This document provides an overview of Cloudera's Navigator Key Trustee, which is a key management server that acts as a proxy between CDH components and an external key store. It discusses how Key Trustee uses encryption zone keys stored in an external hardware security module to encrypt data encryption keys, which are then used to encrypt data at rest in HDFS. The document also covers Key Trustee's architecture, deployment considerations, access control lists, and troubleshooting steps.