Major Description
I have some confusions of kms HA recently.
1. we can set up multiple KMS instances behind a load balancer. Among all these kms instances, there is only one master kms, others are slave kms. The master kms can handle Key create/store/rollover/delete operations by directly contacting with JCE keystore file. The slave kms can handle Key create/store/rollover/delete operations by delegating it to the master kms.
so although we set up multiple kms, there is only one JCE keystore file, and only the master kms can access to this file. Both the JCE keystore file and the master kms don't have a backup. If one of them died, there is no way to avoid losing data.
Is all of the above true? KMS doesn't have a solution to handle the failure of master kms and JCE keystore file?
2. I heard another way to achieve kms HA: make use of LoadBalancingKMSClientProvider. But I can't find detail informations of LoadBalancingKMSClientProvider. So why the LoadBalancingKMSClientProvider can achieve kms HA?