Docs: Secrets engines: KMIP (#7932)
- Streamline flow of introductory paragraph - Grammar edits - Remove trailing space
This commit is contained in:
parent
1065672b2f
commit
f8457d4d55
|
@ -10,11 +10,11 @@ description: |-
|
|||
|
||||
# KMIP Secrets Engine
|
||||
|
||||
The KMIP secrets engine allows Vault to act as a KMIP server provider and handle
|
||||
the lifecycle of it KMIP managed objects. KMIP, which stands for [Key Management
|
||||
Interoperability Protocol](#kmip-spec), is a standardized protocol that allows
|
||||
The KMIP secrets engine allows Vault to act as a [Key Management
|
||||
Interoperability Protocol](#kmip-spec) (KMIP) server provider and handle
|
||||
the lifecycle of its KMIP managed objects. KMIP is a standardized protocol that allows
|
||||
services and applications to perform cryptographic operations without having to
|
||||
manage cryptographic material, otherwise known as manage objects, by delegating
|
||||
manage cryptographic material, otherwise known as managed objects, by delegating
|
||||
its storage and lifecycle to a key management server.
|
||||
|
||||
## Setup
|
||||
|
@ -42,7 +42,7 @@ TLS parameters, or leave unwritten to use default values
|
|||
|
||||
The KMIP secrets engine uses the concept of scopes to partition KMIP managed
|
||||
object storage into multiple named buckets. Within a scope, roles can be created
|
||||
which dictates the set of allowed operations that the particular role can perform.
|
||||
which dictate the set of allowed operations that the particular role can perform.
|
||||
TLS client certificates can be generated for a role, which services and applications
|
||||
can then use when sending KMIP requests against Vault's KMIP secret engine.
|
||||
|
||||
|
@ -68,9 +68,9 @@ deny.
|
|||
### Client Certificate Generation
|
||||
|
||||
Once a scope and role has been created, client certificates can be generated for
|
||||
that role. The client certificate then can be provided to applications and
|
||||
services that supports KMIP to establish communication with Vault's KMIP server.
|
||||
The certificate contains scope and role identifiers embedded in the certificate,
|
||||
that role. The client certificate can then be provided to applications and
|
||||
services that support KMIP to establish communication with Vault's KMIP server.
|
||||
Scope and role identifiers are embedded in the certificate,
|
||||
which will be used when evaluating permissions during a KMIP request.
|
||||
|
||||
1. Generate a client certificate. This returns the CA Chain, the certificate,
|
||||
|
|
Loading…
Reference in a new issue