Skip to content

Commit

Permalink
backport of commit d1fda88 (#26302)
Browse files Browse the repository at this point in the history
Co-authored-by: James Bayer <[email protected]>
  • Loading branch information
2 people authored and akshya96 committed Apr 11, 2024
1 parent cd870dd commit 79e91ad
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions website/content/docs/secrets/kmip.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,15 @@ requests.
```text
$ vault write kmip/config listen_addrs=0.0.0.0:5696
```
### KMIP Certificate Authority for Client Certificates

When the KMIP Secrets Engine is initially configured, Vault generates a KMIP
Certificate Authority (CA) whose only purpose is to authenticate KMIP client
certificates.

Vault uses the internal KMIP CA to generate certificates for clients
authenticating to Vault with the KMIP protocol. You cannot import external KMIP
authorities. All KMIP authentication must use the internally-generated KMIP CA.

## Usage

Expand Down

0 comments on commit 79e91ad

Please sign in to comment.