Vault: Add Secure cluster with TLS to Concepts for all versions (#676)

Convert secure with TLS content from WAF to documentation and add to
Concepts for all versions.

Author: brianshumate

content/vault/v1.19.x/content/docs/deploy/why-use-tls.mdx

@@ -0,0 +1,50 @@
+---
+layout: docs
+page_title: Why use TLS?
+description: >-
+  Understand the benefits of securing your Vault clusters with end-to-end TLS.
+---
+
+# Why use TLS?
+
+You can enhance the overall security posture of your Vault cluster when you
+secure communications with TLS to ensure that data transmitted between Vault
+nodes and clients remains confidential and tamper-proof.
+
+@include 'ld-images/deploy/secure-vault-tls.mdx'
+
+Use mutual TLS with your Vault cluster deployments to protect sensitive data and
+prevent unauthorized access with enhanced compliance, governance, auditing
+capabilities, and incident response.
+
+## TLS benefits
+
+- **Improved data protection**.
+  TLS prevents unauthorized access or communication with the Vault cluster to
+  ensure data availability based on your security policies. TLS also protects
+  sensitive data in transit to prevent interception or tampering.
+
+- **Strong identity verification**.
+  Vault cluster nodes and clients verify identities from TLS certificates before
+  communicating to enable trusted operations and prevent impersonation.
+
+- **Improved compliance and governance**.
+  Implementing mutual TLS in your Vault clusters aligns your deployments with
+  industry best practices and regulatory requirements like HIPAA, PCI-DSS, and
+  others.
+
+- **Reduce risk of data leaks**.
+  When you operate Vault clusters with mutual TLS enabled, you minimize the risk
+  of data leaks and unauthorized access to sensitive information.
+
+- **Improved incident response**.
+  Mutual TLS helps to limit the exposure or damage from unauthorized access to
+  sensitive data stored in Vault, which makes incident response more
+  straightforward.
+
+## TLS resources
+
+- [Default Vault TLS configuration](/vault/docs/configuration/listener/tcp#default-tls-configuration)
+- [Configure TLS for your Vault TCP listener](/vault/docs/configuration/listener/tcp/tcp-tls)
+- [Vault installation to minikube via Helm with TLS enabled](/vault/tutorials/kubernetes/kubernetes-minikube-tls)
+- [Medium blog: Enabling TLS on your Vault cluster on Kubernetes](https://medium.com/@martin.hodges/enabling-tls-on-your-vault-cluster-on-kubernetes-0d20439b13d0)

content/vault/v1.19.x/content/partials/ld-images/deploy/secure-vault-tls.mdx

@@ -0,0 +1,11 @@
+<ImageConfig hideBorder>
+
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls-dark.png#dark-theme-only)
+
+</ImageConfig>
+
+<ImageConfig hideBorder>
+
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)
+
+</ImageConfig>

content/vault/v1.19.x/data/docs-nav-data.json

@@ -666,6 +666,10 @@
   {
     "title": "Deploy Vault",
     "routes": [
+      {
+        "title": "Why use TLS?",
+        "path": "deploy/why-use-tls"
+      },
       {
         "title": "Run as a service",
         "path": "deploy/run-as-service"

content/vault/v1.20.x/content/docs/deploy/why-use-tls.mdx

@@ -0,0 +1,50 @@
+---
+layout: docs
+page_title: Why use TLS?
+description: >-
+  Understand the benefits of securing your Vault clusters with end-to-end TLS.
+---
+
+# Why use TLS?
+
+You can enhance the overall security posture of your Vault cluster when you
+secure communications with TLS to ensure that data transmitted between Vault
+nodes and clients remains confidential and tamper-proof.
+
+@include 'ld-images/deploy/secure-vault-tls.mdx'
+
+Use mutual TLS with your Vault cluster deployments to protect sensitive data and
+prevent unauthorized access with enhanced compliance, governance, auditing
+capabilities, and incident response.
+
+## TLS benefits
+
+- **Improved data protection**.
+  TLS prevents unauthorized access or communication with the Vault cluster to
+  ensure data availability based on your security policies. TLS also protects
+  sensitive data in transit to prevent interception or tampering.
+
+- **Strong identity verification**.
+  Vault cluster nodes and clients verify identities from TLS certificates before
+  communicating to enable trusted operations and prevent impersonation.
+
+- **Improved compliance and governance**.
+  Implementing mutual TLS in your Vault clusters aligns your deployments with
+  industry best practices and regulatory requirements like HIPAA, PCI-DSS, and
+  others.
+
+- **Reduce risk of data leaks**.
+  When you operate Vault clusters with mutual TLS enabled, you minimize the risk
+  of data leaks and unauthorized access to sensitive information.
+
+- **Improved incident response**.
+  Mutual TLS helps to limit the exposure or damage from unauthorized access to
+  sensitive data stored in Vault, which makes incident response more
+  straightforward.
+
+## TLS resources
+
+- [Default Vault TLS configuration](/vault/docs/configuration/listener/tcp#default-tls-configuration)
+- [Configure TLS for your Vault TCP listener](/vault/docs/configuration/listener/tcp/tcp-tls)
+- [Vault installation to minikube via Helm with TLS enabled](/vault/tutorials/kubernetes/kubernetes-minikube-tls)
+- [Medium blog: Enabling TLS on your Vault cluster on Kubernetes](https://medium.com/@martin.hodges/enabling-tls-on-your-vault-cluster-on-kubernetes-0d20439b13d0)

content/vault/v1.20.x/content/partials/ld-images/deploy/secure-vault-tls.mdx

@@ -0,0 +1,2 @@
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls-dark.png#dark-theme-only)
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)

content/vault/v1.20.x/data/docs-nav-data.json

@@ -711,6 +711,10 @@
   {
     "title": "Deploy Vault",
     "routes": [
+      {
+        "title": "Why use TLS?",
+        "path": "deploy/why-use-tls"
+      },
       {
         "title": "Run as a service",
         "path": "deploy/run-as-service"