backport of commit d1fda88

hashicorp · Apr 8, 2024 · 4b143c7 · 4b143c7
1 parent 049dc66
commit 4b143c7
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/website/content/docs/secrets/kmip.mdx b/website/content/docs/secrets/kmip.mdx
@@ -74,6 +74,15 @@ requests.
     ```text
     $ vault write kmip/config listen_addrs=0.0.0.0:5696
     ```
+### KMIP Certificate Authority for Client Certificates
+
+When the KMIP Secrets Engine is initially configured, Vault generates a KMIP 
+Certificate Authority (CA) whose only purpose is to authenticate KMIP client
+certificates.
+
+Vault uses the internal KMIP CA to generate certificates for clients
+authenticating to Vault with the KMIP protocol. You cannot import external KMIP
+authorities. All KMIP authentication must use the internally-generated KMIP CA.
 
 ## Usage