Support regulatory compliance

[!IMPORTANT]
Documentation Update: Product documentation, which were located in this repository under /website, are now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be done in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.

TBD TBD

Configure Vault as part of an HSM solution, FIPS compliant architecture, or PKCS11 authN workflow.

Vault Enterprise supports HSM for devices with PKCS#11 version 2.20+ interfaces with integration libraries for Linux/amd64 platforms. Compliance support includes:

HSM-wrapped root keys
automatic unsealing with the HSM-wrapped root key
entropy augmentation from external cryptographic modules
FIPS 140-2 compliant cryptography built into the Vault binary
FIPS seal wrapping for critical Security parameters

How HSM support changes Vault behavioral
HSM security details
FIPS compliance in Vault
Built-in FIPS 140-2 support