[DOCS] Update the PKI secrets engine docs title & description (#29136)

* Update the PKI secrets engine docs title & description * Update website/content/docs/secrets/pki/index.mdx Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com> * Incorporate the review feedback --------- Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
2025-10-29 17:52:32 +00:00 · 2024-12-19 05:36:16 -08:00
parent f975259267
commit 32ba53f3c4
11 changed files with 52 additions and 33 deletions
--- a/website/content/docs/secrets/pki/cieps.mdx
+++ b/website/content/docs/secrets/pki/cieps.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: Certificate Issuance External Policy (CIEPS) | PKI - Secrets Engines
-description: An overview of the Certificate Issuance External Policy (CIEPS) protocol
+page_title: Certificate Issuance External Policy Service (CIEPS)
+description: >-
+   High-level architecture overview and service APIs used by the PKI secrets engine when communicating with the Certificate Issuance External Policy Service (CIEPS).
 ---

-# PKI secrets engine - Certificate Issuance External Policy Service (CIEPS) <EnterpriseAlert inline="true" />
+# Certificate Issuance External Policy Service (CIEPS) <EnterpriseAlert inline="true" />

 This document covers high-level architecture and service APIs used by the
 Vault PKI Secrets Engine when communicating with the Certificate Issuance
--- a/website/content/docs/secrets/pki/cmpv2.mdx
+++ b/website/content/docs/secrets/pki/cmpv2.mdx
@@ -1,10 +1,10 @@
 ---
 layout: docs
-page_title: Certificate Management Protocol v2 (CMPv2) within Vault | PKI - Secrets Engines
+page_title: Certificate Management Protocol v2 (CMPv2)
 description: An overview of the Certificate Management Protocol (v2) implementation within Vault.
 ---

-# PKI secrets engine - Certificate Management Protocol v2 (CMPv2) <EnterpriseAlert inline="true" />
+# Certificate Management Protocol v2 (CMPv2) <EnterpriseAlert inline="true" />

 This document summarizes Vault's PKI Secrets Engine
 implementation of the [CMPv2 protocol](https://datatracker.ietf.org/doc/html/rfc4210) <EnterpriseAlert inline="true" />,
--- a/website/content/docs/secrets/pki/considerations.mdx
+++ b/website/content/docs/secrets/pki/considerations.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Considerations'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'PKI secrets engine considerations'
+description: >-
+   Understand the important considerations and guidance before using the PKI secrets engine to generate certificates before using the PKI secrets engine. 
 ---

-# PKI secrets engine - considerations
+# PKI secrets engine considerations

 To successfully deploy this secrets engine, there are a number of important
 considerations to be aware of, as well as some preparatory steps that should be
--- a/website/content/docs/secrets/pki/est.mdx
+++ b/website/content/docs/secrets/pki/est.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: Enrollment over Secure Transport (EST) within Vault | PKI - Secrets Engines
-description: An overview of the Enrollment over Secure Transport protocol implementation within Vault.
+page_title: Enrollment over Secure Transport (EST)
+description: >-
+   Understand the configuration and limitations of Vault's PKI secrets engine implementation of the Enrollment over Secure Transport (EST) protocol.
 ---

-# PKI secrets engine - Enrollment over Secure Transport (EST) <EnterpriseAlert inline="true" />
+# Enrollment over Secure Transport (EST) <EnterpriseAlert inline="true" />

 This document covers configuration and limitations of Vault's PKI Secrets Engine
 implementation of the [EST protocol](https://datatracker.ietf.org/doc/html/rfc7030) <EnterpriseAlert inline="true" />.
--- a/website/content/docs/secrets/pki/index.mdx
+++ b/website/content/docs/secrets/pki/index.mdx
@@ -1,14 +1,22 @@
 ---
 layout: docs
-page_title: PKI - Secrets Engines
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: PKI secrets engine
+description: Dynamically generate X.509 certificates with the PKI secrets engine plugin.
 ---

 # PKI secrets engine

@include 'x509-sha1-deprecation.mdx'

-> **Vault as Consul CA provider:** If you are using Vault 1.11.0+ as a Connect CA, run a Consul version which includes the fix for [GH-15525](https://github.com/hashicorp/consul/pull/15525). Refer to this [Knowledge Base article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for more details.
+<Note title="Vault as Consul CA provider">
+
+If you are using Vault 1.11.0+ as a Connect CA, run a Consul version which
+includes the fix for [GH-15525](https://github.com/hashicorp/consul/pull/15525).
+Refer to this [Knowledge Base
+article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for
+more details.
+
+</Note>

 The PKI secrets engine generates dynamic X.509 certificates. With this secrets
 engine, services can get certificates without going through the usual manual
--- a/website/content/docs/secrets/pki/quick-start-intermediate-ca.mdx
+++ b/website/content/docs/secrets/pki/quick-start-intermediate-ca.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Quick Start: Intermediate CA Setup'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'Quick start: intermediate CA setup'
+description: >-
+   Set up a PKI secrets engine to create an intermediate authority using the root authority to sign the intermediate's certificate. 
 ---

-# PKI secrets engine - quick start - intermediate CA setup
+# Quick start: intermediate CA setup

 In the [first Quick Start guide](/vault/docs/secrets/pki/quick-start-root-ca),
 certificates were issued directly from the root certificate authority.
--- a/website/content/docs/secrets/pki/quick-start-root-ca.mdx
+++ b/website/content/docs/secrets/pki/quick-start-root-ca.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Quick Start: Root CA Setup'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'Quick start: root CA setup'
+description: >-
+   Set up a PKI secrets engine with a root CA certificate. 
 ---

-# PKI secrets engine - quick start - root CA setup
+# Quick start: root CA setup

 This document provides a brief overview of setting up a Vault PKI Secrets
 Engine with a Root CA certificate.
--- a/website/content/docs/secrets/pki/rotation-primitives.mdx
+++ b/website/content/docs/secrets/pki/rotation-primitives.mdx
@@ -1,7 +1,8 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engine: Rotation Primitives'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'PKI secrets engine - rotation primitives'
+description: >-
+   Understand the primitive certificate types for root and intermediate CA rotation.  
 ---

 # PKI secrets engine - rotation primitives
--- a/website/content/docs/secrets/pki/setup.mdx
+++ b/website/content/docs/secrets/pki/setup.mdx
@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Setup and Usage'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: Set up and use the PKI secrets engine
+description: >-
+   Enable and configure the PKI secrets engine to generates TLS certificates. 
 ---

-# PKI secrets engine - setup and usage
+# Set up and use the PKI secrets engine

 This document provides a brief overview of the setup and usage of the PKI
 Secrets Engine.
--- a/website/content/docs/secrets/pki/troubleshooting-acme.mdx
+++ b/website/content/docs/secrets/pki/troubleshooting-acme.mdx
@@ -1,10 +1,10 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engine: Troubleshooting ACME'
-description: Troubleshoot problems with ACME clients and Vault PKI Secrets Engine's ACME server.
+page_title: Troubleshoot PKI secrets engine and ACME
+description: Troubleshoot problems with ACME clients and Vault PKI secrets engine's ACME server.
 ---

-# Troubleshoot PKI Secrets Engine and ACME
+# Troubleshoot PKI secrets engine and ACME

 Solve common problems related to ACME client integration with Vault PKI
 Secrets Engine's ACME server.
--- a/website/content/partials/x509-sha1-deprecation.mdx
+++ b/website/content/partials/x509-sha1-deprecation.mdx
@@ -1,5 +1,9 @@
-~> **Note**: This engine can use external X.509 certificates as part of TLS or signature validation.
-   Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer
-   usable without a workaround starting in Vault 1.12. See the
-   [deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
-   for more information.
+<Note>
+
+This engine can use external X.509 certificates as part of TLS or signature validation.
+Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer
+usable without a workaround starting in Vault 1.12. See the
+[deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
+for more information.
+
+</Note>