You set up TDE for HDFS replication using the instructions in the HDP
            Security guide. You can set TDE per directory or per cluster on HDFS.
        During the replication process, the source data is decrypted using the source key and is
        encrypted using the destination key.
        - 
                (Optional) Encrypt the source directory and grant the DLM Engine user access to
                    the KMS key in the source Ranger service.
                
            
- 
                Encrypt the destination directory and grant the DLM Engine user access to the
                    KMS key in the destination Ranger service.
                
            
After you configure TDE on the data to be replicated, DLM
            can identify which directories have TDE enabled. When configuring a replication policy
            in the DLM App, you can identify and select the TDE-enabled data. You also have the
            option of replicating data using the same TDE key on both the source and destination, to
            reduce the overhead of decryption and encryption.