Long story short my Primary MDS went bad due to R80.10's apparent inability to add and remove domains and CMA's properly (but that's a conversation for another time)
So I have followed instruction to promote my secondary CMA to Primary that seemed to work OK and added a new secondary MDS in place of the failed one. Touch wood all will be OK.
However one of my domains has a custom crypt.def and whilst seeking confidence that all will be well with my new Primary MDS / CMA I checked that the custom crypt.def is present in my new primary/active CMA and found that the config isn't there.
I looked at my R77.30 environment and can see that (as suggested) the cypt.def syncs between CMA's (unless I manually configured it on both CMA's in the past and I don't remember) but in R80.10 it doesn't seem to.
I have since re-created the crypt.def on the new primary CMA as I am rather worried what may happen when policy is pushed from that newly active CMA.
Is this expected behaviour i.e. once compiled on the Primary, the secondary's store this config elsewhere? Or is an isolated case in my environment and the sync is for some reason broken.
I'd appreciate it if someone could check their R80.10 HA MDS environment and see if the crypt.def is indeed being sync'd or not. Or just some guidance as to what is the expected behaviour.