add docs for external Enterprise plugins (#29738)

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

website/content/docs/plugins/plugin-management.mdx

@@ -5,6 +5,7 @@ description: >-
    Learn how to manage external plugins that are implemented using Vault's plugin system.
 ---
 
+
 # Plugin management
 
 External plugins are the components in Vault that can be implemented separately
@@ -26,6 +27,8 @@ Before an external plugin can be mounted, it needs to be
 plugin catalog to ensure the plugin invoked by Vault is authentic and maintains
 integrity:
 
+### Community plugins
+
 ```shell-session
 $ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
     secret \                  # type
@@ -34,6 +37,37 @@ $ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
 Success! Registered plugin: passthrough-plugin
 ```
 
+### Enterprise plugins
+
+@include 'alerts/enterprise-and-hcp.mdx'
+
+#### Compatible Vault Enterprise versions
+- 1.16.16+
+- 1.17.12+
+- 1.18.5+
+- 1.19.0+
+
+Before registering an enterprise plugin, ensure that the plugin artifact
+compatible with the system that runs Vault Enterprise is downloaded from
+[HashiCorp releases page](https://releases.hashicorp.com/) and placed
+in the plugin directory.
+
+~> Note: Enterprise plugins artifacts should not be unzipped or modified
+in any way. Vault Enterprise will verify the plugin's integrity
+and compatibility and unzip during the registration process.
+
+```shell-session
+$ vault plugin register 
+    -version=<version of the plugin> # version must match the plugin version on the releases page
+    secret \                         # type
+    vault-plugin-secrets-keymgmt     # name must match the plugin name on the releases page
+
+Success! Registered plugin: vault-plugin-secrets-keymgmt
+```
+
+See [plugin register](/vault/docs/commands/plugin/register) for more details on 
+how to register Enterprise plugins.
+
 ## Enabling/Disabling external plugins
 
 After the plugin is registered, it can be mounted by specifying the registered
@@ -99,9 +133,10 @@ variables to configure different network proxies for different plugins:
 -> You must be using an external plugin to take advantage of custom environment
 variables. If you are using a builtin plugin, you can still download and register
 an external version of it in order to use this workflow. Check the
-[releases](https://releases.hashicorp.com/) page for the latest prebuilt plugin
-binaries.
+[HashiCorp releases page](https://releases.hashicorp.com/) for the latest
+prebuilt plugin binaries.
 
+#### Community plugins
 ```shell-session
 $ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
     -env HTTP_PROXY=eu.example.com \
@@ -118,6 +153,16 @@ $ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
 Success! Registered plugin: jwt-us
 ```
 
+#### Enterprise plugins
+```shell-session
+$ vault plugin register -version=<version of the plugin> \
+    -env HTTP_PROXY=example.com \
+    secret \
+    vault-plugin-secrets-keymgmt
+
+Success! Registered plugin: vault-plugin-secrets-keymgmt
+```
+
 You can then enable each plugin on its own path, and configure clients that
 should be associated with one or the other appropriately:
 
@@ -127,4 +172,7 @@ Success! Enabled the jwt-eu auth method at: auth/jwt-eu/
 
 $ vault auth enable jwt-us
 Success! Enabled the jwt-us auth method at: auth/jwt-us/
+
+$ vault secrets enable vault-plugin-secrets-keymgmt
+Success! Enabled the vault-plugin-secrets-keymgmt secrets engine at: vault-plugin-secrets-keymgmt/
 ```