docs: Update KMS docs (#1204)

* docs: Update KMS docs

* docs: Adds release notes

* docs: Fix table spacing

* docs: Minor revision

* docs: Revise title

* docs: Change file name

* docs: Update KMS names on nav for consistency

Author: Dan-Heath

content/boundary/v0.20.x/content/docs/configuration/kms/ibmkp.mdx

@@ -0,0 +1,55 @@
+---
+layout: docs
+page_title: IBM Key Protect KMS configuration
+description: >-
+  Learn about using the IBM Key Protect KMS for key management and configuring parameters and authentication. View an example configuration.
+---
+
+# ibmkp KMS
+
+The IBM KMS configures Boundary to use IBM Key Protect for key management.
+
+## `ibmkp` example
+
+This example shows an IBM KMS stanza in the Boundary configuration file:
+
+````hcl
+kms "ibmkp" {
+    purpose     = "root"
+    api_key     = "8uEy9TUDVtUHuUGXpsMlpTb4rp8B_ZEfjU28ujik_nyw"
+    instance_id = "0647c737-906d-4f4e-8a68-2c187e11b29b"
+    key_id      = "key-protect-key1"
+    endpoint    = "https://cloud.ibm.com"
+    key_name    = "global_worker-auth"
+}
+````
+
+## `ibmkp` parameters
+
+The IBM KMS uses the following parameters in the `kms` stanza of the Boundary configuration file:
+
+- `purpose` - States the purpose of the KMS, supported values are `worker-auth`, `worker-auth-storage`, `root`, `previous-root`, `recovery`, `bsr`, or `config`.
+
+  To enable session recording, you must configure the `bsr` value for the `purpose`.
+
+- `api_key` `(string: "")` - The API key used to authenticate to IBM Cloud services.
+You can also specify this value using the `IBMCLOUD_API_KEY` environment variable.
+- `instance_id` `(string: <required>)` - The ID for the IBM Key Protect instance.
+You can also specify this value using the `IBMCLOUD_KP_INSTANCE_ID` environment variable.
+- `key_id` `(string: <required>)` - The IBM Key Protect key to use for encryption and decryption.
+You can also specify this value using the `IBMCLOUD_KP_KEY_ID` environment variable.
+- `endpoint` `(string: "")` - The KMS API endpoint to use for making IBM KMS requests.
+You can also specify this value using the `IBM_KP_ENDPOINT` environment variable.
+- `key_name` - The unique name for this key.
+It is used to identify the key when you perform a root key migration.
+
+## Authentication
+
+You must provide authentication-related values either as environment variables or as configuration parameters.
+
+The IBM Key Protect authentication values include:
+
+- `IBMCLOUD_API_KEY`
+- `IBMCLOUD_KP_INSTANCE_ID`
+- `IBMCLOUD_KP_KEY_ID`
+- `IBMCLOUD_KP_ENDPOINT`

content/boundary/v0.20.x/content/docs/configuration/kms/index.mdx

@@ -37,5 +37,6 @@ For specific KMS examples, refer to the following topics:
 - [AWS KMS](/boundary/docs/configuration/kms/awskms)
 - [Azure Key Vault KMS](/boundary/docs/configuration/kms/azurekeyvault)
 - [GCP Cloud KMS](/boundary/docs/configuration/kms/gcpckms)
+- [IBM KMS](/boundary/docs/configuration/kms/ibmkp)
 - [OCI KMS](/boundary/docs/configuration/kms/ocikms)
 - [Vault Transit KMS](/boundary/docs/configuration/kms/transit)

content/boundary/v0.20.x/content/docs/release-notes/v0_20_0.mdx

@@ -121,6 +121,21 @@ description: >-
     </td>
   </tr>
 
+  <tr>
+    <td style={{verticalAlign: 'middle'}}>
+      IBM Key Protect KMS support
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+      GA in version 0.20.1
+    </td>
+    <td style={{verticalAlign: 'middle'}}>
+    Boundary now supports IBM Key Protect for key management.
+    <br /><br />You can configure IBM Key Protect as the KMS to manage encryption keys for various functions.
+    <br /><br />
+    Learn more:&nbsp;<a href="/boundary/docs/secure/encryption/data-encryption">Data encryption in Boundary</a> and <a href="/boundary/docs/configuration/kms/ibmkms">ibmkms KMS</a>.
+    </td>
+  </tr>
+
   </tbody>
 </table>
 

content/boundary/v0.20.x/data/docs-nav-data.json

@@ -2087,31 +2087,35 @@
             "path": "configuration/kms"
           },
           {
-            "title": "AEAD",
+            "title": "AEAD KMS",
             "path": "configuration/kms/aead"
           },
           {
-            "title": "AliCloud KMS",
+            "title": "AlibabaCloud KMS",
             "path": "configuration/kms/alicloudkms"
           },
           {
             "title": "AWS KMS",
             "path": "configuration/kms/awskms"
           },
           {
-            "title": "Azure Key Vault",
+            "title": "Azure Key Vault KMS",
             "path": "configuration/kms/azurekeyvault"
           },
           {
             "title": "GCP Cloud KMS",
             "path": "configuration/kms/gcpckms"
           },
+          {
+            "title": "IBM Key Protect KMS",
+            "path": "configuration/kms/ibmkp"
+          },
           {
             "title": "OCI KMS",
             "path": "configuration/kms/ocikms"
           },
           {
-            "title": "Vault transit",
+            "title": "Vault transit KMS",
             "path": "configuration/kms/transit"
           }
         ]