f6ac1be13a
* Begin restructuring FIPS documentation This creates a new FIPS category under Enterprise and copies the FIPS-specific seal wrap documentation into it. We leave the existing Seal Wrap page at the old path, but document that the FIPS-specific portions of it have moved. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add initial FIPS 140-2 inside documentation This documents the new FIPS 140-2 Inside binary and how to use and validate it. This also documents which algorithms are certified for use in the BoringCrypto distribution. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add notes about FIPS algorithm restrictions Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
25 lines
922 B
Plaintext
25 lines
922 B
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Enterprise FIPS
|
|
description: An overview of FIPS compliance in Vault.
|
|
---
|
|
|
|
# FIPS
|
|
|
|
The [Federal Information Processing Standard](https://www.nist.gov/federal-information-standards-fips)
|
|
is a cryptography-focused certification standard for U.S. Government usage.
|
|
|
|
Hashicorp's Vault Enterprise supports the modes of FIPS compliance documented below.
|
|
|
|
## FIPS 140-2 Inside
|
|
|
|
Vault Enterprise now includes release flavors with FIPS 140-2 compliant
|
|
cryptography built into the Vault binary. More information on these releases
|
|
can be found on the [FIPS 140-2 Inside](/docs/enterprise/fips/fips1402) page.
|
|
|
|
## Seal Wrap
|
|
|
|
Before our FIPS Inside effort, Vault [depended on](https://www.hashicorp.com/vault-compliance)
|
|
an external HSM for FIPS 140-2 compliance. This uses the [Seal Wrap](/docs/enterprise/fips/sealwrap)
|
|
functionality to wrap security relevant keys in an extra layer of encryption.
|