I have a Java client that talks to two different HDP clusters (one for reading data and the other to write data). I have currently successfully set up Ranger KMS on one of my clusters and I am able to successfully read/write data from my Java client into an encrypted zone in my cluster. Apart from setting the right policies in KMS, all I had to do was update the hdfs-site.xml and core-site.xml to point to my KMS instance.
However, I want to eventually set up Ranger KMS on both my clusters. Once I do that, my Java client would have to read files from one encrypted zone in cluster #1 and write data to another encrypted zone in cluster #2. They will both be managed as separate KMS instances. How would I set this up? Would I have to include two separate properties in my hdfs-site and core-site? Or would the dfs.encryption.key.provider.uri property support a comma-separated list of KMS hosts from 2 separate clusters?