diff --git a/website/content/docs/secrets/kmip-profiles.mdx b/website/content/docs/secrets/kmip-profiles.mdx new file mode 100644 index 0000000000..bbce5365f9 --- /dev/null +++ b/website/content/docs/secrets/kmip-profiles.mdx 
@@ -0,0 +1,262 @@ +--- +layout: docs +page_title: KMIP - Profiles Support +description: |- + The KMIP profiles define the use of KMIP objects, attributes, operations, message elements + and authentication methods within specific contexts of KMIP server and client interaction. + These profiles define a set of normative constraints for employing KMIP within a particular + environment or context of use. +--- + +# KMIP Profiles Version 1.4 + +This document specifies conformance clauses in accordance with the OASIS TC Process ([TC-PROC section 2.18 paragraph 8a][tc-proc-2.18] ) +for the KMIP Specification ([KMIP-SPEC 12.1 and 12.2][kmip-spec]) for a KMIP server or KMIP client through profiles that define the +use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of +KMIP server and client interaction. + +Vault implements version 1.4 of the following Key Management Interoperability Protocol Profiles: + +## [Baseline Server][baseline-server] + 1. Supports the following objects: + + | Object | Supported | + | ----------------------------------------------------------------------- | :-------: | + | Attribute [KMIP-SPEC 2.1.1][kmip-spec-2.1.1] | ✅ | + | Credential [KMIP-SPEC 2.1.2][kmip-spec-2.1.2] | ✅ | + | Key Block [KMIP-SPEC 2.1.3][kmip-spec-2.1.3] | ✅ | + | Key Value [KMIP-SPEC 2.1.4][kmip-spec-2.1.4] | ✅ | + | Template-Attribute Structure [KMIP-SPEC 2.1.8][kmip-spec-2.1.8] | ✅ | + | Extension Information [KMIP-SPEC 2.1.9][kmip-spec-2.1.9] | ✅ | + | Profile Information [KMIP-SPEC 2.1.19][kmip-spec-2.1.19] | ✅ | + | Validation Information [KMIP-SPEC 2.1.20][kmip-spec-2.1.20] | ✅ | + | Capability Information [KMIP-SPEC 2.1.21][kmip-spec-2.1.21] | ✅ | + + 2. 
Supports the following subsets of attributes: + + | Attribute | Supported | Notes | + | -----------------------------------------------------------------------| :-------: | :----: | + | Unique Identifier [KMIP-SPEC 3.1][kmip-spec-3.1] | ✅ | | + | Name [KMIP-SPEC 3.2][kmip-spec-3.2] | ✅ | | + | Object Type [KMIP-SPEC 3.3][kmip-spec-3.3] | ✅ | | + | Cryptographic Algorithm [KMIP-SPEC 3.4][kmip-spec-3.4] | ✅ | | + | Cryptographic Length [KMIP-SPEC 3.5][kmip-spec-3.5] | ✅ | | + | Cryptographic Parameters [KMIP-SPEC 3.6][kmip-spec-3.6] | ✅ | | + | Digest [KMIP-SPEC 3.17][kmip-spec-3.17] | ✅ | | + | Cryptographic Usage Mask [KMIP-SPEC 3.19][kmip-spec-3.19] | ✅ | | + | State [KMIP-SPEC 3.22][kmip-spec-3.22] | ✅ | | + | Initial Date [KMIP-SPEC 3.23][kmip-spec-3.23] | ✅ | | + | Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 | + | Protect Stop Date [KMIP-SPEC 3.26][kmip-spec-3.26] | ✅ | Vault 1.11 | + | Activation Date [KMIP-SPEC 3.24][kmip-spec-3.24] | ✅ | | + | Deactivation Date [KMIP-SPEC 3.27][kmip-spec-3.27] | ✅ | | + | Compromise Occurrence Date [KMIP-SPEC 3.29][kmip-spec-3.29] | ✅ | | + | Compromise Date [KMIP-SPEC 3.30][kmip-spec-3.30] | ✅ | | + | Revocation Reason [KMIP-SPEC 3.31][kmip-spec-3.31] | ✅ | | + | Object Group [KMIP-SPEC 3.33][kmip-spec-3.33] | ✅ | | + | Fresh [KMIP-SPEC 3.34][kmip-spec-3.34] | ✅ | | + | Link [KMIP-SPEC 3.35][kmip-spec-3.35] | ✅ | | + | Last Change Date [KMIP-SPEC 3.38][kmip-spec-3.38] | ✅ | | + | Alternative Name [KMIP-SPEC 3.40][kmip-spec-3.40] | ✅ | Vault 1.12 | + | Key Value Present [KMIP-SPEC 3.41][kmip-spec-3.41] | ✅ | Vault 1.12 | + | Key Value Location [KMIP-SPEC 3.42][kmip-spec-3.42] | 🔴 | | + | Original Creation Date [KMIP-SPEC 3.43][kmip-spec-3.43] | ✅ | | + | Random Number Generator [KMIP-SPEC 3.44][kmip-spec-3.44] | ✅ | | + | Description [KMIP-SPEC 3.46][kmip-spec-3.46] | ✅ | | + | Comment [KMIP-SPEC 3.47][kmip-spec-3.47] | ✅ | | + | Sensitive [KMIP-SPEC 3.48][kmip-spec-3.48] | ✅ | | + | Always Sensitive 
[KMIP-SPEC 3.49][kmip-spec-3.49] | ✅ | | + | Extractable [KMIP-SPEC 3.50][kmip-spec-3.50] | ✅ | | + | Never Extractable [KMIP-SPEC 3.51][kmip-spec-3.51] | ✅ | | + + 3. Supports the following client-to-server operations: + + | Operation | Supported | Notes | + | ------------------------------------------------------| :--------:|:-----:| + | Locate [KMIP-SPEC 4.9][kmip-spec-4.9] | ✅ | Vault version 1.11 supports attributes Activation Date, Application Specific Information, Cryptographic Algorithm, Cryptographic Length, Name, Object Type, Original Creation Date, and State.
Vault version 1.12 supports all profile attributes except for Key Value Location. | + | Check [KMIP-SPEC 4.10][kmip-spec-4.10] | 🔴 | | + | Get [KMIP-SPEC 4.11][kmip-spec-4.11] | ✅ | | + | Get Attributes [KMIP-SPEC 4.12][kmip-spec-4.12] | ✅ | | + | Get Attribute List [KMIP-SPEC 4.13][kmip-spec-4.13] | ✅ | | + | Add Attribute [KMIP-SPEC 4.14][kmip-spec-4.14] | ✅ | | + | Modify Attribute [KMIP-SPEC 4.15][kmip-spec-4.15] | ✅ | Vault 1.12 | + | Delete Attribute [KMIP-SPEC 4.16][kmip-spec-4.16] | ✅ | Vault 1.12 | + | Activate [KMIP-SPEC 4.19][kmip-spec-4.19] | ✅ | | + | Revoke [KMIP-SPEC 4.20][kmip-spec-4.20] | ✅ | | + | Destroy [KMIP-SPEC 4.21][kmip-spec-4.21] | ✅ | | + | Query [KMIP-SPEC 4.25][kmip-spec-4.25] | ✅ | Vault 1.11 | + | Discover Versions [KMIP-SPEC 4.26][kmip-spec-4.26] | ✅ | | + + 4.Supports the following message contents: + + | Message Content | Supported | + | -----------------------------------------------------------------| :--------:| + | Protocol Version [KMIP-SPEC 6.1][kmip-spec-6.1] | ✅ | + | Operation [KMIP-SPEC 6.2][kmip-spec-6.2] | ✅ | + | Maximum Response Size [KMIP-SPEC 6.3][kmip-spec-6.3] | ✅ | + | Unique Batch Item ID [KMIP-SPEC 6.4][kmip-spec-6.4] | ✅ | + | Time Stamp [KMIP-SPEC 6.5][kmip-spec-6.5] | ✅ | + | Asynchronous Indicator [KMIP-SPEC 6.7][kmip-spec-6.7] | ✅ | + | Result Status [KMIP-SPEC 6.9][kmip-spec-6.9] | ✅ | + | Result Reason [KMIP-SPEC 6.10][kmip-spec-6.10] | ✅ | + | Batch Order Option [KMIP-SPEC 6.12][kmip-spec-6.12] | ✅ | + | Batch Error Continuation Option [KMIP-SPEC 6.13][kmip-spec-6.13] | ✅ | + | Batch Count [KMIP-SPEC 6.14][kmip-spec-6.14] | ✅ | + | Batch Item [KMIP-SPEC 6.15][kmip-spec-6.15] | ✅ | + | Attestation Capable Indicator [KMIP-SPEC 6.17][kmip-spec-6.17] | ✅ | + | Client Correlation Value [KMIP-SPEC 6.18][kmip-spec-6.18] | ✅ | + | Server Correlation Value [KMIP-SPEC 6.19][kmip-spec-6.19] | ✅ | + | Message Extension [KMIP-SPEC 6.16][kmip-spec-6.16] | ✅ | + + 5. 
Supports the ID Placeholder [KMIP-SPEC 4][kmip-spec-4] + 6. Supports Message Format [KMIP-SPEC 7][kmip-spec-7] + 7. Supports Authentication [KMIP-SPEC 8][kmip-spec-8] + 8. Supports the TTLV encoding [KMIP-SPEC 9.1][kmip-spec-9.1] + 9. Supports the transport requirements [KMIP-SPEC 10][kmip-spec-10] + 10. Supports Error Handling [KMIP-SPEC 11][kmip-spec-11] for any supported object, attribute, or operation + 11. Optionally supports any clause within [KMIP-SPEC][kmip-spec] that is not listed above + 12. Optionally supports extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements - We do not have any extensions + +## [Symmetric Key Lifecycle Server][lifecycle-server] + + 1. SHALL conform to the [Baseline Server][baseline-server] + 2. Supports the following objects: + + | Object | Supported | + | -----------------------------------------------------------------------| :----- --:| + | Symmetric Key [KMIP-SPEC 2.2.2][kmip-spec-2.2.2] | ✅ | + | Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] | ✅ | + + 3. Supports the following subsets of attributes: + + | Attribute | Supported | Notes | + | -----------------------------------------------------------------------| :-------: | :---: | + | Cryptographic Algorithm [KMIP-SPEC 3.4][kmip-spec-3.4] | ✅ | | + | Object Type [KMIP-SPEC 3.3][kmip-spec-3.3] | ✅ | | + | Process Start Date [KMIP-SPEC 3.25][kmip-spec-3.25] | ✅ | Vault 1.11 | + | Protect Stop Date [KMIP-SPEC 3.26][kmip-spec-3.26] | ✅ | Vault 1.11 | + + 4. Supports the following client-to-server operations: + + | Operation | Supported | + | ------------------------------------------------------| :--------:| + | Create [KMIP-SPEC 4.1][kmip-spec-4.1] | ✅ | + + 5. 
Supports the following message encoding: + + | Message Encoding | Supported | Notes | + | -------------------------------------------------------------------------------------| :--------:|:-----:| + | Cryptographic Algorithm [KMIP-SPEC 9.1.3.2.13][kmip-spec-9.1.3.2.13] with values: | | | + | i. 3DES | ✅ | Vault 1.12 | + | ii. AES | ✅ | | + | Object Type [KMIP-SPEC 9.1.3.2.12][kmip-spec-9.1.3.2.12] with value: | | | + | i. Symmetric Key | ✅ | | + | Key Format Type [KMIP-SPEC 9.1.3.2.3][kmip-spec-9.1.3.2.3] with value: | | | + | i. Raw | ✅ | | + | ii. Transparent Symmetric Key | 🔴 | | + + 6. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Symmetric Key Lifecycle Server][lifecycle-server] + 7. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements. + +## [Basic Cryptographic Server][basic-cryptographic-server] + + 1. SHALL conform to the [Baseline Server][baseline-server] + 2. Supports the following client-to-server operations: + + | Operation | Supported | Notes | + | ------------------------------------------------------| :--------:| --------| + | Encrypt [KMIP-SPEC 4.29][kmip-spec-4.29] | ✅ | Vault 1.11
Supported for AES, unsupported for 3DES:

Supported Block Cipher Modes:
  1. GCM
  2. CBC
  3. CFB
  4. CTR
  5. ECB
  6. OFB

Stream operations are supported except for GCM block cipher mode.

Supported padding methods:
  1. None
  2. PKCS5
| + | Decypt [KMIP-SPEC 4.30][kmip-spec-4.30] | ✅ | Vault 1.11
Supported for AES, unsupported for 3DES:

Supported Block Cipher Modes:
  1. GCM
  2. CBC
  3. CFB
  4. CTR
  5. ECB
  6. OFB

Stream operations are supported except for GCM block cipher mode.

Supported padding methods:
  1. None
  2. PKCS5
| | + + 3. MAY support any clause within [KMIP-SPEC][kmip-spec] provided it does not conflict with any other clause within the section [Basic Cryptographic Server][basic-cryptographic-server] + 4. MAY support extensions outside the scope of this standard (e.g., vendor extensions, conformance clauses) that do not contradict any KMIP requirements. + + + [kmip-spec-2.1.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660735 + [kmip-spec-2.1.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660736 + [kmip-spec-2.1.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660737 + [kmip-spec-2.1.4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660738 + [kmip-spec-2.1.8]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660757 + [kmip-spec-2.1.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660758 + [kmip-spec-2.1.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660768 + [kmip-spec-2.1.20]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660769 + [kmip-spec-2.1.21]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660770 + [kmip-spec-3.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660784 + [kmip-spec-3.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660785 + [kmip-spec-3.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660786 + [kmip-spec-3.4]: 
https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660787 + [kmip-spec-3.5]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660788 + [kmip-spec-3.6]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660789 + [kmip-spec-3.17]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660800 + [kmip-spec-3.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660807 + [kmip-spec-3.22]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660810 + [kmip-spec-3.23]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660811 + [kmip-spec-3.25]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660813 + [kmip-spec-3.26]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660814 + [kmip-spec-3.24]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660812 + [kmip-spec-3.27]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660815 + [kmip-spec-3.29]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660817 + [kmip-spec-3.30]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660818 + [kmip-spec-3.31]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660819 + [kmip-spec-3.33]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660821 + [kmip-spec-3.34]: 
https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660822 + [kmip-spec-3.35]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660823 + [kmip-spec-3.38]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660826 + [kmip-spec-3.40]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660828 + [kmip-spec-3.41]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660829 + [kmip-spec-3.42]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660830 + [kmip-spec-3.43]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660831 + [kmip-spec-3.44]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660832 + [kmip-spec-3.46]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660834 + [kmip-spec-3.47]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660835 + [kmip-spec-3.48]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660836 + [kmip-spec-3.49]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660837 + [kmip-spec-3.50]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660838 + [kmip-spec-3.51]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660839 + [kmip-spec-4.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660849 + [kmip-spec-4.10]: 
https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660850 + [kmip-spec-4.11]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660851 + [kmip-spec-4.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660852 + [kmip-spec-4.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660853 + [kmip-spec-4.14]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660854 + [kmip-spec-4.15]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660855 + [kmip-spec-4.16]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660856 + [kmip-spec-4.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660859 + [kmip-spec-4.20]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660860 + [kmip-spec-4.21]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660861 + [kmip-spec-4.25]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660865 + [kmip-spec-4.26]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660866 + [kmip-spec-6.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660887 + [kmip-spec-6.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660888 + [kmip-spec-6.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660889 + [kmip-spec-6.4]: 
https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660890 + [kmip-spec-6.5]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660891 + [kmip-spec-6.7]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660893 + [kmip-spec-6.9]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660895 + [kmip-spec-6.10]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660896 + [kmip-spec-6.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660898 + [kmip-spec-6.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660899 + [kmip-spec-6.14]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660900 + [kmip-spec-6.15]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660901 + [kmip-spec-6.17]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660903 + [kmip-spec-6.18]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660904 + [kmip-spec-6.19]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660905 + [kmip-spec-6.16]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660902 + [kmip-spec-4]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660840 + [kmip-spec-7]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660906 + [kmip-spec-8]: 
https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660909 + [kmip-spec-9.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660911 + [kmip-spec-10]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660973 + [kmip-spec-11]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660974 + [kmip-spec]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html + [kmip-spec-2.2.2]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660775 + [kmip-spec-9.1.3.2.3]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660923 + [kmip-spec-4.1]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660841 + [kmip-spec-9.1.3.2.13]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660933 + [kmip-spec-9.1.3.2.12]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660932 + [kmip-spec-4.29]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660869 + [kmip-spec-4.30]: https://docs.oasis-open.org/kmip/spec/v1.4/errata01/os/kmip-spec-v1.4-errata01-os-redlined.html#_Toc490660870 + [baseline-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431430 + [lifecycle-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431487 + [basic-cryptographic-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431527 + [tc-proc-2.18]: 
https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26/technical-committee-tc-process-27-july-2011/#specQuality diff --git a/website/content/docs/secrets/kmip.mdx b/website/content/docs/secrets/kmip.mdx index 993cfa1da1..fdb2896dae 100644 --- a/website/content/docs/secrets/kmip.mdx +++ b/website/content/docs/secrets/kmip.mdx @@ -3,7 +3,7 @@ layout: docs page_title: KMIP - Secrets Engines description: |- The KMIP secrets engine allows Vault to act as a KMIP server provider and - handle the lifecycle of it KMIP managed objects. + handle the lifecycle of its KMIP managed objects. --- # KMIP Secrets Engine @@ -25,12 +25,9 @@ Vault's KMIP secrets engine listens on a separate port from the standard Vault l Vault implements version 1.4 of the following Key Management Interoperability Protocol Profiles: * [Baseline Server][baseline-server] - * Supports all profile attributes except for *Alternative Name*, *Key Value Present* and - *Key Value Location*. - * Supports all profile operations except for *Check*, *Modify Attribute* and *Delete Attribute*. - * Operation *Locate* only supports attributes *Activation Date*, *Application - Specific Information*, *Cryptographic Algorithm*, *Cryptographic Length*, - *Name*, *Object Type*, *Original Creation Date*, and *State*. + * Supports all profile attributes except for *Key Value Location*. + * Supports all profile operations except for *Check*. + * Operation *Locate* supports all profile attributes except for *Key Value Location*. * [Symmetric Key Lifecycle Server][lifecycle-server] * Supports cryptographic algorithm *AES* (*3DES* is not supported). 
@@ -38,9 +35,11 @@ Vault implements version 1.4 of the following Key Management Interoperability Pr * [Basic Cryptographic Server][basic-cryptographic-server] * Supports block cipher modes *CBC*, *CFB*, *CTR*, *ECB*, *GCM*, and *OFB*. - * On mulit-part (streaming) operations, block cipher mode *GCM* is not supported. + * On multi-part (streaming) operations, block cipher mode *GCM* is not supported. * The supported padding methods are *None* and *PKCS5*. +Refer to [KMIP - Profiles Support](/docs/secrets/kmip-profiles) page for more details. + [baseline-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431430 [lifecycle-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431487 [basic-cryptographic-server]: http://docs.oasis-open.org/kmip/profiles/v1.4/os/kmip-profiles-v1.4-os.html#_Toc491431527 @@ -102,6 +101,7 @@ operation_activate operation_add_attribute operation_create operation_decrypt +operation_delete_attribute operation_destroy operation_discover_versions operation_encrypt @@ -110,6 +110,7 @@ operation_get_attribute_list operation_get_attributes operation_import operation_locate +operation_modify_attribute operation_query operation_register operation_rekey diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index d6d90c95f0..666e14c272 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -1110,6 +1110,11 @@ }, "path": "secrets/kmip" }, + { + "title": "KMIP - Profile Support", + "path": "secrets/kmip-profiles", + "hidden": true + }, { "title": "Kubernetes", "path": "secrets/kubernetes"
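Review bot: in the new kmip-profiles.mdx, the Notes cells for the Encrypt and Decrypt rows of the Basic Cryptographic Server table span many lines with nested numbered lists ("Supported Block Cipher Modes: 1. GCM 2. CBC ..."); GFM/MDX tables require each row on one line, so the table will terminate at "Vault 1.11" and the mode and padding lists will render as loose text below it. Either collapse each cell onto one line (for example `Vault 1.11. AES only, 3DES unsupported. Modes: GCM, CBC, CFB, CTR, ECB, OFB (streaming supported except GCM). Padding: None, PKCS5`, using `<br/>` where a break is wanted), or keep the cell as "Vault 1.11, see below" and put the detail in one paragraph under the table; the two cells are verbatim duplicates, so one shared paragraph also avoids them drifting apart. Smaller points in the same hunk: "Decypt" should read "Decrypt"; the separator row `| :----- --:|` in the Symmetric Key Lifecycle Server objects table has a space inside the alignment marker and will not be parsed as a table; "4.Supports" in the Baseline Server list is missing the space after the number; Process Start Date and Protect Stop Date (3.25, 3.26) are listed before Activation Date (3.24), breaking the section order the rest of the attribute table follows; the Locate note mentions "Application Specific Information", which has no row in the attribute table above, so either add that row or drop it from the note; and item 12 ends in "- We do not have any extensions", an implementation remark spliced onto a conformance clause, which reads better as its own sentence ("Vault does not implement any extensions.").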
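Review bot: in the kmip.mdx hunk at `@@ -25,12 +25,9 @@`, the rewritten Baseline Server bullets ("Supports all profile operations except for *Check*", Locate supports everything except *Key Value Location*) describe the Vault 1.12 behaviour, but the unchanged context line just below, "Supports cryptographic algorithm *AES* (*3DES* is not supported).", now contradicts the new profiles page, which marks 3DES as supported (Vault 1.12) in the Symmetric Key Lifecycle Server encoding table while Encrypt/Decrypt remain AES only. Update that bullet in the same change (for example "Supports cryptographic algorithms *AES* and *3DES*; Encrypt and Decrypt support *AES* only"), and since this page has no version column, state from which release Modify Attribute, Delete Attribute and full Locate attribute support apply, as the profiles page does.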
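Review bot: in the kmip.mdx hunk at `@@ -38,9 +35,11 @@`, the added line "Refer to [KMIP - Profiles Support](/docs/secrets/kmip-profiles) page for more details." is missing "the" before "page" (or drop "page" altogether: "Refer to [KMIP - Profiles Support](...) for more details."). The "mulit-part" to "multi-part" fix is correct.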
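Review bot: in the two kmip.mdx hunks at `@@ -102,6 +101,7 @@` and `@@ -110,6 +110,7 @@`, `operation_delete_attribute` and `operation_modify_attribute` are placed in alphabetical order, consistent with the existing list, but nothing on this page records that both operations are new (the profiles page marks Modify Attribute and Delete Attribute as Vault 1.12); add a short version note beside the list or in the profile bullets so readers know which release introduced these role operation flags.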
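Review bot: in the docs-nav-data.json hunk, the new entry sets `"hidden": true`, so the profiles page will be reachable only through the cross-link from kmip.mdx; if that is intended, say so in the PR description, otherwise drop the `hidden` key. The nav title "KMIP - Profile Support" also disagrees with the page's own page_title "KMIP - Profiles Support" in kmip-profiles.mdx and with the link text in kmip.mdx; pick one form and use it in all three places.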