suggested edits (#1121)

schavis · web-flow · commit aa74f02ab843 · 2025-10-16T12:06:00.000-07:00
diff --git a/content/vault/v1.19.x/content/docs/deploy/secure-cluster-with-tls.mdx b/content/vault/v1.19.x/content/docs/deploy/secure-cluster-with-tls.mdx
diff --git a/content/vault/v1.19.x/content/docs/deploy/why-use-tls.mdx b/content/vault/v1.19.x/content/docs/deploy/why-use-tls.mdx
@@ -0,0 +1,50 @@
+---
+layout: docs
+page_title: Why use TLS?
+description: >-
+  Understand the benefits of securing your Vault clusters with end-to-end TLS.
+---
+
+# Why use TLS?
+
+You can enhance the overall security posture of your Vault cluster when you
+secure communications with TLS to ensure that data transmitted between Vault
+nodes and clients remains confidential and tamper-proof.
+
+@include 'ld-images/deploy/secure-vault-tls.mdx'
+
+Use mutual TLS with your Vault cluster deployments to protect sensitive data and
+prevent unauthorized access with enhanced compliance, governance, auditing
+capabilities, and incident response.
+
+## TLS benefits
+
+- **Improved data protection**.
+  TLS prevents unauthorized access or communication with the Vault cluster to
+  ensure data availability based on your security policies. TLS also protects
+  sensitive data in transit to prevent interception or tampering.
+
+- **Strong identity verification**.
+  Vault cluster nodes and clients verify identities from TLS certificates before
+  communicating to enable trusted operations and prevent impersonation.
+
+- **Improved compliance and governance**.
+  Implementing mutual TLS in your Vault clusters aligns your deployments with
+  industry best practices and regulatory requirements like HIPAA, PCI-DSS, and
+  others.
+
+- **Reduce risk of data leaks**.
+  When you operate Vault clusters with mutual TLS enabled, you minimize the risk
+  of data leaks and unauthorized access to sensitive information.
+
+- **Improved incident response**.
+  Mutual TLS helps to limit the exposure or damage from unauthorized access to
+  sensitive data stored in Vault, which makes incident response more
+  straightforward.
+
+## TLS resources
+
+- [Default Vault TLS configuration](/vault/docs/configuration/listener/tcp#default-tls-configuration)
+- [Configure TLS for your Vault TCP listener](/vault/docs/configuration/listener/tcp/tcp-tls)
+- [Vault installation to minikube via Helm with TLS enabled](/vault/tutorials/kubernetes/kubernetes-minikube-tls)
+- [Medium blog: Enabling TLS on your Vault cluster on Kubernetes](https://medium.com/@martin.hodges/enabling-tls-on-your-vault-cluster-on-kubernetes-0d20439b13d0)
diff --git a/content/vault/v1.19.x/data/docs-nav-data.json b/content/vault/v1.19.x/data/docs-nav-data.json
@@ -667,12 +667,12 @@
     "title": "Deploy Vault",
     "routes": [
       {
-        "title": "Run as a service",
-        "path": "deploy/run-as-service"
+        "title": "Why use TLS?",
+        "path": "deploy/why-use-tls"
       },
       {
-        "title": "Secure cluster with TLS",
-        "path": "deploy/secure-cluster-with-tls"
+        "title": "Run as a service",
+        "path": "deploy/run-as-service"
       },
       {
         "title": "Run on AWS",
diff --git a/content/vault/v1.20.x/content/docs/deploy/secure-cluster-with-tls.mdx b/content/vault/v1.20.x/content/docs/deploy/secure-cluster-with-tls.mdx
diff --git a/content/vault/v1.20.x/content/docs/deploy/why-use-tls.mdx b/content/vault/v1.20.x/content/docs/deploy/why-use-tls.mdx
@@ -0,0 +1,50 @@
+---
+layout: docs
+page_title: Why use TLS?
+description: >-
+  Understand the benefits of securing your Vault clusters with end-to-end TLS.
+---
+
+# Why use TLS?
+
+You can enhance the overall security posture of your Vault cluster when you
+secure communications with TLS to ensure that data transmitted between Vault
+nodes and clients remains confidential and tamper-proof.
+
+@include 'ld-images/deploy/secure-vault-tls.mdx'
+
+Use mutual TLS with your Vault cluster deployments to protect sensitive data and
+prevent unauthorized access with enhanced compliance, governance, auditing
+capabilities, and incident response.
+
+## TLS benefits
+
+- **Improved data protection**.
+  TLS prevents unauthorized access or communication with the Vault cluster to
+  ensure data availability based on your security policies. TLS also protects
+  sensitive data in transit to prevent interception or tampering.
+
+- **Strong identity verification**.
+  Vault cluster nodes and clients verify identities from TLS certificates before
+  communicating to enable trusted operations and prevent impersonation.
+
+- **Improved compliance and governance**.
+  Implementing mutual TLS in your Vault clusters aligns your deployments with
+  industry best practices and regulatory requirements like HIPAA, PCI-DSS, and
+  others.
+
+- **Reduce risk of data leaks**.
+  When you operate Vault clusters with mutual TLS enabled, you minimize the risk
+  of data leaks and unauthorized access to sensitive information.
+
+- **Improved incident response**.
+  Mutual TLS helps to limit the exposure or damage from unauthorized access to
+  sensitive data stored in Vault, which makes incident response more
+  straightforward.
+
+## TLS resources
+
+- [Default Vault TLS configuration](/vault/docs/configuration/listener/tcp#default-tls-configuration)
+- [Configure TLS for your Vault TCP listener](/vault/docs/configuration/listener/tcp/tcp-tls)
+- [Vault installation to minikube via Helm with TLS enabled](/vault/tutorials/kubernetes/kubernetes-minikube-tls)
+- [Medium blog: Enabling TLS on your Vault cluster on Kubernetes](https://medium.com/@martin.hodges/enabling-tls-on-your-vault-cluster-on-kubernetes-0d20439b13d0)
diff --git a/content/vault/v1.20.x/content/partials/ld-images/deploy/secure-vault-tls.mdx b/content/vault/v1.20.x/content/partials/ld-images/deploy/secure-vault-tls.mdx
@@ -1,11 +1,2 @@
-<ImageConfig hideBorder>
-
 ![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls-dark.png#dark-theme-only)
-
-</ImageConfig>
-
-<ImageConfig hideBorder>
-
-![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)
-
-</ImageConfig>
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)
diff --git a/content/vault/v1.20.x/data/docs-nav-data.json b/content/vault/v1.20.x/data/docs-nav-data.json
@@ -712,12 +712,12 @@
     "title": "Deploy Vault",
     "routes": [
       {
-        "title": "Run as a service",
-        "path": "deploy/run-as-service"
+        "title": "Why use TLS?",
+        "path": "deploy/why-use-tls"
       },
       {
-        "title": "Secure cluster with TLS",
-        "path": "deploy/secure-cluster-with-tls"
+        "title": "Run as a service",
+        "path": "deploy/run-as-service"
       },
       {
         "title": "Run on AWS",

Original file line number	Diff line number	Diff line change
`@@ -667,12 +667,12 @@`
`667`	`667`	`"title": "Deploy Vault",`
`668`	`668`	`"routes": [`
`669`	`669`	`{`
`670`		`- "title": "Run as a service",`
`671`		`- "path": "deploy/run-as-service"`
	`670`	`+ "title": "Why use TLS?",`
	`671`	`+ "path": "deploy/why-use-tls"`
`672`	`672`	`},`
`673`	`673`	`{`
`674`		`- "title": "Secure cluster with TLS",`
`675`		`- "path": "deploy/secure-cluster-with-tls"`
	`674`	`+ "title": "Run as a service",`
	`675`	`+ "path": "deploy/run-as-service"`
`676`	`676`	`},`
`677`	`677`	`{`
`678`	`678`	`"title": "Run on AWS",`
Original file line number	Diff line number	Diff line change
`@@ -712,12 +712,12 @@`
`712`	`712`	`"title": "Deploy Vault",`
`713`	`713`	`"routes": [`
`714`	`714`	`{`
`715`		`- "title": "Run as a service",`
`716`		`- "path": "deploy/run-as-service"`
	`715`	`+ "title": "Why use TLS?",`
	`716`	`+ "path": "deploy/why-use-tls"`
`717`	`717`	`},`
`718`	`718`	`{`
`719`		`- "title": "Secure cluster with TLS",`
`720`		`- "path": "deploy/secure-cluster-with-tls"`
	`719`	`+ "title": "Run as a service",`
	`720`	`+ "path": "deploy/run-as-service"`
`721`	`721`	`},`
`722`	`722`	`{`
`723`	`723`	`"title": "Run on AWS",`