backport of commit 307d27ef770508ec569c59ee277ffbd58fea0be0 (#23857)

Co-authored-by: Scott Miller <smiller@hashicorp.com>
hc-github-team-secure-vault-core 2023-10-26 13:59:59 -04:00 committed by GitHub
parent 94eb1ad224
commit ccfb338bee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions

@ -36,7 +36,7 @@ number operations on critical security parameters (CSPs).
These CSPs have been selected from our previous work in [evaluating Vault for conformance with These CSPs have been selected from our previous work in [evaluating Vault for conformance with
FIPS 140-2 guidelines for key storage and key transport](https://www.datocms-assets.com/2885/1510600487-vault_compliance_letter_fips_140-2.pdf) FIPS 140-2 guidelines for key storage and key transport](https://www.datocms-assets.com/2885/1510600487-vault_compliance_letter_fips_140-2.pdf)
and include the following: and include (but not limited to) the following:
- Vaults root key - Vaults root key
- Keyring encryption keys - Keyring encryption keys
@ -52,6 +52,9 @@ and include the following:
- [SSH](/vault/docs/secrets/ssh) CA key generation, but not for key pair generation - [SSH](/vault/docs/secrets/ssh) CA key generation, but not for key pair generation
- [KMIP](/vault/docs/secrets/kmip) uses EA for its TLS CA, server, and client - [KMIP](/vault/docs/secrets/kmip) uses EA for its TLS CA, server, and client
certificates. certificates.
- Passwords generated where password policies are supported.
- TOTP two factor keys.
## Enabling/Disabling ## Enabling/Disabling
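Review bot: The two added bullets ("Passwords generated where password policies are supported." and "TOTP two factor keys.") do not link to their docs pages the way the SSH and KMIP items above them do, and the first one does not say which features it covers. Suggest linking each item to the relevant documentation page, naming or linking the places where password policies apply so a reader can tell which generated passwords draw on augmented entropy, and hyphenating "two-factor". The KMIP item ends with a period after a full sentence; the new items are fragments, so the trailing periods could be dropped for consistency with "Keyring encryption keys" style entries earlier in the page.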