Sync GA updates to RC folder for publication (#1161)

schavis · web-flow · commit f1d7a25d5887 · 2025-10-22T12:34:10.000-07:00
diff --git a/content/vault/v1.21.x (rc)/content/docs/deploy/why-use-tls.mdx b/content/vault/v1.21.x (rc)/content/docs/deploy/why-use-tls.mdx
@@ -0,0 +1,50 @@
+---
+layout: docs
+page_title: Why use TLS?
+description: >-
+  Understand the benefits of securing your Vault clusters with end-to-end TLS.
+---
+
+# Why use TLS?
+
+You can enhance the overall security posture of your Vault cluster when you
+secure communications with TLS to ensure that data transmitted between Vault
+nodes and clients remains confidential and tamper-proof.
+
+@include 'ld-images/deploy/secure-vault-tls.mdx'
+
+Use mutual TLS with your Vault cluster deployments to protect sensitive data and
+prevent unauthorized access with enhanced compliance, governance, auditing
+capabilities, and incident response.
+
+## TLS benefits
+
+- **Improved data protection**.
+  TLS prevents unauthorized access or communication with the Vault cluster to
+  ensure data availability based on your security policies. TLS also protects
+  sensitive data in transit to prevent interception or tampering.
+
+- **Strong identity verification**.
+  Vault cluster nodes and clients verify identities from TLS certificates before
+  communicating to enable trusted operations and prevent impersonation.
+
+- **Improved compliance and governance**.
+  Implementing mutual TLS in your Vault clusters aligns your deployments with
+  industry best practices and regulatory requirements like HIPAA, PCI-DSS, and
+  others.
+
+- **Reduce risk of data leaks**.
+  When you operate Vault clusters with mutual TLS enabled, you minimize the risk
+  of data leaks and unauthorized access to sensitive information.
+
+- **Improved incident response**.
+  Mutual TLS helps to limit the exposure or damage from unauthorized access to
+  sensitive data stored in Vault, which makes incident response more
+  straightforward.
+
+## TLS resources
+
+- [Default Vault TLS configuration](/vault/docs/configuration/listener/tcp#default-tls-configuration)
+- [Configure TLS for your Vault TCP listener](/vault/docs/configuration/listener/tcp/tcp-tls)
+- [Vault installation to minikube via Helm with TLS enabled](/vault/tutorials/kubernetes/kubernetes-minikube-tls)
+- [Medium blog: Enabling TLS on your Vault cluster on Kubernetes](https://medium.com/@martin.hodges/enabling-tls-on-your-vault-cluster-on-kubernetes-0d20439b13d0)
diff --git a/content/vault/v1.21.x (rc)/content/docs/sysadmin/snapshots/index.mdx b/content/vault/v1.21.x (rc)/content/docs/sysadmin/snapshots/index.mdx
@@ -33,7 +33,7 @@ Step-by-step instructions:
 - [Restore a snapshot](/vault/docs/sysadmin/snapshots/restore)
 - [Recover discrete secrets in a replicated environment](/vault/docs/sysadmin/snapshots/recover-a-secret/replicated-cluster) <EnterpriseAlert inline="true" />
 - [Recover discrete secrets in a non-replicated environment](/vault/docs/sysadmin/snapshots/recover-a-secret/single-cluster) <EnterpriseAlert inline="true" />
-- [Automate snapshots](/vault/docs/sysadmin/snapshots/recover-a-secret) <EnterpriseAlert inline="true" />
+- [Automate snapshots](/vault/docs/sysadmin/snapshots/automate) <EnterpriseAlert inline="true" />
 - [Recover discrete secrets](/vault/docs/sysadmin/snapshots/recover-a-secret) <EnterpriseAlert inline="true" />
 
 </Tab>
@@ -59,4 +59,4 @@ Detailed tutorials:
 
 </Tab>
 
-</Tabs>
+</Tabs>
diff --git a/content/vault/v1.21.x (rc)/content/partials/ld-images/deploy/secure-vault-tls.mdx b/content/vault/v1.21.x (rc)/content/partials/ld-images/deploy/secure-vault-tls.mdx
@@ -0,0 +1,2 @@
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls-dark.png#dark-theme-only)
+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)
diff --git a/content/vault/v1.21.x (rc)/content/partials/rotationfields.mdx b/content/vault/v1.21.x (rc)/content/partials/rotationfields.mdx
@@ -8,7 +8,7 @@
   defining the schedule on which Vault should rotate the root token. Standard
   cron-style time format uses five fields to define the minute, hour, day of
   month, month, and day of week respectively. For example, `0 0 * * SAT` tells
-  Vault to rotate the root token every Saturday at 00:00. Vault interprets the schedule in UTC.
+  Vault to rotate the root token every Saturday at 00:00. In 1.20.5 or later, Vault interprets the schedule in UTC.
   **You must set one of `rotation_schedule` or `rotation_period`, but cannot set both**.
 - `rotation_window` `(string/integer: 0)` – <EnterpriseAlert product="vault" inline />
   The maximum amount of time, in seconds, allowed to complete
diff --git a/content/vault/v1.21.x (rc)/img/diagram-secure-vault-tls-dark.png b/content/vault/v1.21.x (rc)/img/diagram-secure-vault-tls-dark.png
diff --git a/content/vault/v1.21.x (rc)/img/diagram-secure-vault-tls.png b/content/vault/v1.21.x (rc)/img/diagram-secure-vault-tls.png

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls-dark.png#dark-theme-only)`
	`2`	`+![Secure Vault intra-cluster and inter-cluster communications with TLS](/img/diagram-secure-vault-tls.png#light-theme-only)`