Take the following points into account when using transparent data encryption in an HA cluster environment that does not use streaming replication.

The primary and standby servers can use the same keystore file on the key management server or the key management storage. This is because the standby server is inactive while the primary server is active, so both servers cannot simultaneously read or write to the same file.

A copy of the keystore file can also be placed on both servers. In this case, you must copy the keystore file to the standby server if you change the master encryption key and the passphrase on the primary server.

When using an automatically opening keystore, enable automatic opening on the standby server. An automatically opening keystore (keystore.aks) created on the primary server cannot automatically open even if you copy it to the standby server.