Support regulatory compliance

TBD TBD

Configure Vault as part of an HSM solution, FIPS compliant architecture, or PKCS11 authN workflow.

Vault Enterprise supports HSM for devices with PKCS#11 version 2.20+ interfaces with integration libraries for Linux/amd64 platforms. Compliance support includes:

HSM-wrapped root keys
automatic unsealing with the HSM-wrapped root key
entropy augmentation from external cryptographic modules
FIPS 140-2 compliant cryptography built into the Vault binary
FIPS seal wrapping for critical Security parameters

How HSM support changes Vault behavioral
HSM security details
FIPS compliance in Vault
Built-in FIPS 140-2 support