Adding KMIP Global Key Providers for Standby KMIP Keystores

Hi All.

Two questions regarding Percona PostgreSQL V18 pg_tde:

  1. Can you add more X1 KMIP key provider IP for KMIP redundancy/standby server tests?

Primary KMIP Keystore IP

SELECT pg_tde_add_global_key_provider_kmip(
'kmip','127.0.0.1',
5696,
'/tmp/server_certificate.pem',
'/tmp/client_cert_jane_doe.pem',
'/tmp/client_key_jane_doe.pem'
);

Standby KMIP Keystore IP

SELECT pg_tde_add_global_key_provider_kmip(
'kmip','127.0.0.1',
5696,
'/tmp/server_certificate.pem',
'/tmp/client_cert_jane_doe.pem',
'/tmp/client_key_jane_doe.pem'
);

I am currently testing this and will test failover if one KMIP keystore is not available. Has anyone implemented a similar solution before?

  2. On certificate renewal, how do you rotate new certs and keys?

Kind Regards

Natasha