From de11f27713ea84d6d92984e94bc7bb36e3c579ee Mon Sep 17 00:00:00 2001 From: gabeknell <85521602+gabeknell@users.noreply.github.com> Date: Thu, 2 May 2024 12:01:58 -0400 Subject: [PATCH] Update kmip.mdx (#24159) * Update kmip.mdx Added "performance standby" to the servers the KMIP client can connect to --------- Co-authored-by: Peter Wilson --- website/content/docs/secrets/kmip.mdx | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/website/content/docs/secrets/kmip.mdx b/website/content/docs/secrets/kmip.mdx index 6289e9a111..83889d8f5a 100644 --- a/website/content/docs/secrets/kmip.mdx +++ b/website/content/docs/secrets/kmip.mdx 
@@ -18,7 +18,18 @@ services and applications to perform cryptographic operations without having to manage cryptographic material, otherwise known as managed objects, by delegating its storage and lifecycle to a key management server. -Vault's KMIP secrets engine listens on a separate port from the standard Vault listener. Each Vault server in a Vault cluster configured with a KMIP secrets engine uses the same listener configuration. The KMIP listener defaults to port 5696 and is configurable to alternative ports, for example, if there are multiple KMIP secrets engine mounts configured. KMIP clients connect and authenticate to this KMIP secrets engine listener port using generated TLS certificates. KMIP clients may connect directly to any of the Vault servers on the configured KMIP port. A layer 4 TCP load balancer may be used in front of the Vault server's KMIP ports. The load balancer should support long-lived connections and it may use a round robin routing algorithm as Vault servers will forward to the primary Vault server, if necessary. +Vault's KMIP secrets engine listens on a separate port from the standard Vault +listener. Each Vault server in a Vault cluster configured with a KMIP secrets +engine uses the same listener configuration. The KMIP listener defaults to port +5696 and is configurable to alternative ports, for example, if there are +multiple KMIP secrets engine mounts configured. KMIP clients connect and +authenticate to this KMIP secrets engine listener port using generated TLS +certificates. KMIP clients may connect directly to the Vault active server, or +any of the Vault performance standby servers, on the configured KMIP port. A +layer 4 tcp load balancer may be used in front of the Vault server's KMIP ports. +The load balancer should support long-lived connections and it may use a round +robin routing algorithm as Vault servers will forward to the primary Vault +server, if necessary. ## KMIP conformance
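Review bot: the rewrapped paragraph now mixes two terms for the same node: the new sentence says clients "may connect directly to the Vault active server, or any of the Vault performance standby servers", while the last sentence, carried over from the removed line, still says "Vault servers will forward to the primary Vault server". Since the paragraph is about which nodes in one cluster accept KMIP connections, "active" is the term to keep; "primary" reads as the replication role and could make an operator think the load balancer is forwarding across clusters. Suggest "as the standby servers will forward requests to the active Vault server, if necessary". Two smaller points in the same hunk: the rewrap downcased "layer 4 TCP load balancer" to "layer 4 tcp load balancer", which should stay "TCP" as in the removed line; and "the Vault server's KMIP ports" should be "the Vault servers' KMIP ports", since the sentence refers to every server in the cluster.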