backport of commit 307d27ef770508ec569c59ee277ffbd58fea0be0 (#23857)
Co-authored-by: Scott Miller <smiller@hashicorp.com>
This commit is contained in:
parent
94eb1ad224
commit
ccfb338bee
|
@ -36,7 +36,7 @@ number operations on critical security parameters (CSPs).
|
||||||
|
|
||||||
These CSPs have been selected from our previous work in [evaluating Vault for conformance with
|
These CSPs have been selected from our previous work in [evaluating Vault for conformance with
|
||||||
FIPS 140-2 guidelines for key storage and key transport](https://www.datocms-assets.com/2885/1510600487-vault_compliance_letter_fips_140-2.pdf)
|
FIPS 140-2 guidelines for key storage and key transport](https://www.datocms-assets.com/2885/1510600487-vault_compliance_letter_fips_140-2.pdf)
|
||||||
and include the following:
|
and include (but not limited to) the following:
|
||||||
|
|
||||||
- Vault’s root key
|
- Vault’s root key
|
||||||
- Keyring encryption keys
|
- Keyring encryption keys
|
||||||
|
@ -52,6 +52,9 @@ and include the following:
|
||||||
- [SSH](/vault/docs/secrets/ssh) CA key generation, but not for key pair generation
|
- [SSH](/vault/docs/secrets/ssh) CA key generation, but not for key pair generation
|
||||||
- [KMIP](/vault/docs/secrets/kmip) uses EA for its TLS CA, server, and client
|
- [KMIP](/vault/docs/secrets/kmip) uses EA for its TLS CA, server, and client
|
||||||
certificates.
|
certificates.
|
||||||
|
- Passwords generated where password policies are supported.
|
||||||
|
- TOTP two factor keys.
|
||||||
|
|
||||||
|
|
||||||
## Enabling/Disabling
|
## Enabling/Disabling
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue