Hi All.
Two questions regarding Percona PostgreSQL V18 pg_tde:
- Can you add more X1 KMIP key provider IP for KMIP redundancy/standby server tests?
Primary KMIP Keystore IP
SELECT pg_tde_add_global_key_provider_kmip(
'kmip','127.0.0.1',
5696,
'/tmp/server_certificate.pem',
'/tmp/client_cert_jane_doe.pem',
'/tmp/client_key_jane_doe.pem'
);
Standby KMIP Keystore IP
SELECT pg_tde_add_global_key_provider_kmip(
'kmip','127.0.0.1',
5696,
'/tmp/server_certificate.pem',
'/tmp/client_cert_jane_doe.pem',
'/tmp/client_key_jane_doe.pem'
);
I am currently testing this and will test failover if one KMIP keystore is not available. Has anyone implemented a similar solution before?
- On certificate renewal, how do you rotate new certs and keys?
Kind Regards
Natasha