diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0c1022b5d..61d98b17e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -112,7 +112,9 @@ variables: - rm -rf ${ESP_MATTER_PATH}/../platform - mkdir -p ${ESP_MATTER_PATH}/../platform - cp -r ${CHIP_SUBMODULE_PATH}/src/platform/ESP32 $ESP_MATTER_PATH/../platform/ESP32_custom - - cp ${ESP_MATTER_PATH}/examples/common/external_platform/BUILD.gn $ESP_MATTER_PATH/../platform/ESP32_custom + # We have modified the ESP32SecureCertDataProvider.h file to include the ESP32FactoryDataProvider.h + # So copying all files from the external_platform directory. + - cp ${ESP_MATTER_PATH}/examples/common/external_platform/* $ESP_MATTER_PATH/../platform/ESP32_custom/ - cd ${ESP_MATTER_PATH}/examples/light - cp sdkconfig.defaults sdkconfig.defaults.backup - cp sdkconfig.defaults.ext_plat_ci sdkconfig.defaults diff --git a/examples/common/blemesh_platform/platform/ESP32_custom/BUILD.gn b/examples/common/blemesh_platform/platform/ESP32_custom/BUILD.gn index 8ba380fc1..e675ff781 100644 --- a/examples/common/blemesh_platform/platform/ESP32_custom/BUILD.gn +++ b/examples/common/blemesh_platform/platform/ESP32_custom/BUILD.gn @@ -87,6 +87,7 @@ buildconfig_header("custom_buildconfig") { "EXTERNAL_ESP32DEVICEINFOPROVIDER_HEADER=", "EXTERNAL_ESP32FACTORYDATAPROVIDER_HEADER=", "EXTERNAL_ESP32SECURECERTDACPROVIDER_HEADER=", + "EXTERNAL_ESP32SECURECERTDATAPROVIDER_HEADER=", "CHIP_CONFIG_SOFTWARE_VERSION_NUMBER=${chip_config_software_version_number}", "CHIP_DEVICE_CONFIG_MAX_DISCOVERED_IP_ADDRESSES=${chip_max_discovered_ip_addresses}", ] diff --git a/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.cpp b/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.cpp new file mode 120000 index 000000000..e20a78dd9 --- /dev/null +++ b/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.cpp 
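Review bot: The new `cp ${ESP_MATTER_PATH}/examples/common/external_platform/* $ESP_MATTER_PATH/../platform/ESP32_custom/` step overwrites any same-named file that the preceding `cp -r` took from `src/platform/ESP32`, so every file that lands in external_platform silently shadows upstream platform code in this CI build. The added comment names only ESP32SecureCertDataProvider.h as the intended override, so copying it and BUILD.gn by name would keep the override set explicit: `- cp ${ESP_MATTER_PATH}/examples/common/external_platform/BUILD.gn ${ESP_MATTER_PATH}/examples/common/external_platform/ESP32SecureCertDataProvider.h $ESP_MATTER_PATH/../platform/ESP32_custom/`. Without `-r`, the glob also makes `cp` exit non-zero if a subdirectory is ever added there, which would fail the job. Whether one exists today is not visible in this hunk.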
@@ -0,0 +1 @@
+../../../../../connectedhomeip/connectedhomeip/src/platform/ESP32/ESP32SecureCertDataProvider.cpp
\ No newline at end of file
diff --git a/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.h b/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.h
new file mode 100644
index 000000000..c449d7e70
--- /dev/null
+++ b/examples/common/blemesh_platform/platform/ESP32_custom/ESP32SecureCertDataProvider.h
@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright (c) 2024 Project CHIP Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * ESP32FactoryDataProvider reads the commissionable data and device instance information from the factory partition.
+ * This implementation extends that behaviour to read the commissionable data from secure cert partition.
+ * It also extends the behaviour to read the unique id for generating rotating device identifier from the secure cert
+ * partition.
+ *
+ */
+
+#pragma once
+
+#include
+#include
+// original file includes from ESP32 directory and hence it won't be able to find the ESP32FactoryDataProvider.h
+// so switching to the external_platform directory, till the connectedhomeip repo switches to quoted includes.
+#include "ESP32FactoryDataProvider.h"
+
+#include
+
+namespace chip {
+namespace DeviceLayer {
+
+class ESP32SecureCertDataProvider : public ESP32FactoryDataProvider
+{
+public:
+ // CommissionableDataProvider implementation
+ CHIP_ERROR GetSetupDiscriminator(uint16_t & setupDiscriminator) override;
+ CHIP_ERROR GetSpake2pIterationCount(uint32_t & iterationCount) override;
+ CHIP_ERROR GetSpake2pSalt(MutableByteSpan & saltBuf) override;
+ CHIP_ERROR GetSpake2pVerifier(MutableByteSpan & verifierBuf, size_t & verifierLen) override;
+
+#if CHIP_DEVICE_CONFIG_ENABLE_DEVICE_INSTANCE_INFO_PROVIDER
+ // GetRotatingDeviceIdUniqueId from GenericDeviceInstanceInfoProvider
+ CHIP_ERROR GetRotatingDeviceIdUniqueId(MutableByteSpan & uniqueIdSpan) override;
+#endif // CHIP_DEVICE_CONFIG_ENABLE_DEVICE_INSTANCE_INFO_PROVIDER
+
+ // esp-secure-cert partition contains two 32-byte fixed random values that are set during manufacturing
+ // and remain constant for the lifetime of the device. These are unique per device and can be used
+ // for device identification, serial numbers, or any other purpose requiring a device-specific identifier.
+ static constexpr uint32_t kFixedRandomValueLength = 32;
+ static CHIP_ERROR GetFixedRandom1(MutableByteSpan & randomBuf);
+ static CHIP_ERROR GetFixedRandom2(MutableByteSpan & randomBuf);
+};
+
+} // namespace DeviceLayer
+} // namespace chip
diff --git a/examples/common/external_platform/BUILD.gn b/examples/common/external_platform/BUILD.gn
index 2841d2caa..ebcfde676 100644
--- a/examples/common/external_platform/BUILD.gn
+++ b/examples/common/external_platform/BUILD.gn
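Review bot: The comment above `GetFixedRandom1`/`GetFixedRandom2` offers the two values for "any other purpose requiring a device-specific identifier" without saying whether they are confidential, and both accessors are public and static. Because the values never change over the device lifetime, a caller that sends one off-device unmodified creates a permanent tracking identifier, and a caller that treats one as a secret relies on a property this header does not promise. I would extend the comment with something like `// Stable for the device lifetime: derive per-use identifiers from these values rather than exposing them raw; confidentiality depends on how the esp-secure-cert partition is protected.` The required size of `randomBuf` relative to `kFixedRandomValueLength` is also undocumented; the implementation is outside this hunk, so the behaviour on a short buffer should be confirmed and stated. The same text is added in examples/common/external_platform/ESP32SecureCertDataProvider.h.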
@@ -82,6 +82,7 @@ buildconfig_header("custom_buildconfig") {
 "EXTERNAL_ESP32DEVICEINFOPROVIDER_HEADER=",
 "EXTERNAL_ESP32FACTORYDATAPROVIDER_HEADER=",
 "EXTERNAL_ESP32SECURECERTDACPROVIDER_HEADER=",
+ "EXTERNAL_ESP32SECURECERTDATAPROVIDER_HEADER=",
 "CHIP_CONFIG_SOFTWARE_VERSION_NUMBER=${chip_config_software_version_number}",
 "CHIP_DEVICE_CONFIG_MAX_DISCOVERED_IP_ADDRESSES=${chip_max_discovered_ip_addresses}",
 ]
diff --git a/examples/common/external_platform/ESP32SecureCertDataProvider.h b/examples/common/external_platform/ESP32SecureCertDataProvider.h
new file mode 100644
index 000000000..c449d7e70
--- /dev/null
+++ b/examples/common/external_platform/ESP32SecureCertDataProvider.h
@@ -0,0 +1,62 @@
+/*
+ *
+ * Copyright (c) 2024 Project CHIP Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * ESP32FactoryDataProvider reads the commissionable data and device instance information from the factory partition.
+ * This implementation extends that behaviour to read the commissionable data from secure cert partition.
+ * It also extends the behaviour to read the unique id for generating rotating device identifier from the secure cert
+ * partition.
+ *
+ */
+
+#pragma once
+
+#include
+#include
+// original file includes from ESP32 directory and hence it won't be able to find the ESP32FactoryDataProvider.h
+// so switching to the external_platform directory, till the connectedhomeip repo switches to quoted includes.
+#include "ESP32FactoryDataProvider.h"
+
+#include
+
+namespace chip {
+namespace DeviceLayer {
+
+class ESP32SecureCertDataProvider : public ESP32FactoryDataProvider
+{
+public:
+ // CommissionableDataProvider implementation
+ CHIP_ERROR GetSetupDiscriminator(uint16_t & setupDiscriminator) override;
+ CHIP_ERROR GetSpake2pIterationCount(uint32_t & iterationCount) override;
+ CHIP_ERROR GetSpake2pSalt(MutableByteSpan & saltBuf) override;
+ CHIP_ERROR GetSpake2pVerifier(MutableByteSpan & verifierBuf, size_t & verifierLen) override;
+
+#if CHIP_DEVICE_CONFIG_ENABLE_DEVICE_INSTANCE_INFO_PROVIDER
+ // GetRotatingDeviceIdUniqueId from GenericDeviceInstanceInfoProvider
+ CHIP_ERROR GetRotatingDeviceIdUniqueId(MutableByteSpan & uniqueIdSpan) override;
+#endif // CHIP_DEVICE_CONFIG_ENABLE_DEVICE_INSTANCE_INFO_PROVIDER
+
+ // esp-secure-cert partition contains two 32-byte fixed random values that are set during manufacturing
+ // and remain constant for the lifetime of the device. These are unique per device and can be used
+ // for device identification, serial numbers, or any other purpose requiring a device-specific identifier.
+ static constexpr uint32_t kFixedRandomValueLength = 32;
+ static CHIP_ERROR GetFixedRandom1(MutableByteSpan & randomBuf);
+ static CHIP_ERROR GetFixedRandom2(MutableByteSpan & randomBuf);
+};
+
+} // namespace DeviceLayer
+} // namespace chip
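Review bot: This header is a second copy of the one added under blemesh_platform/platform/ESP32_custom (both file headers show blob `c449d7e70`), and its own comment describes it as a modified copy of the upstream file, whereas the blemesh .cpp is added as a symlink into the connectedhomeip submodule. The class declaration here can therefore fall behind the upstream implementation that serves the SPAKE2+ salt and verifier, and a submodule bump would expose the drift only if it happens to break the build. Making the blemesh header a symlink to this file, as the commit already does for the .cpp, would leave a single fork to maintain. A line such as `// Forked from connectedhomeip src/platform/ESP32/ESP32SecureCertDataProvider.h at <upstream-commit>; re-diff on every submodule bump.` would record what to compare against.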