Add docs on FIPS Inside vs Seal Wrap (#19310)

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2026-05-05 04:16:31 +02:00 · 2023-02-28 10:22:17 -05:00 · 2023-02-28 10:22:17 -05:00 · 52bbf65ae7
commit 52bbf65ae7
parent ba013912b1
1 changed files with 24 additions and 0 deletions
--- a/website/content/docs/enterprise/fips/index.mdx
+++ b/website/content/docs/enterprise/fips/index.mdx
@ -22,3 +22,27 @@ can be found on the [FIPS 140-2 Inside](/vault/docs/enterprise/fips/fips1402) pa
 Before our FIPS Inside effort, Vault [depended on](https://www.hashicorp.com/vault-compliance)
 an external HSM for FIPS 140-2 compliance. This uses the [Seal Wrap](/vault/docs/enterprise/fips/sealwrap)
 functionality to wrap security relevant keys in an extra layer of encryption.
+
+## Comparison of Versions
+
+The below table attempts to documents the FIPS compliance of various Vault
+operations between FIPS Inside and FIPS Seal Wrap. This table is by no means
+an official evaluation of either product; refer to the Leidos Letters of
+Attestation for that information.
+
+| Feature                           | FIPS Inside              | FIPS Seal Wrap                           |
+| :-------------------------------- | :----------------------- | :--------------------------------------- |
+| Entropy Augmentation              | Not Supported            | Yes                                      |
+| TLS Listener                      | Yes                      | No                                       |
+| Vault HA/DR/Raft TLS              | Yes                      | No                                       |
+| Barrier Storage                   | Yes                      | No                                       |
+| Seal Wrapping of CSPs             | With FIPS-Compliant HSM  | With FIPS-Compliant HSM                  |
+| SSH CA Operations                 | Yes with FIPS algorithms | No                                       |
+| Transit Operations                | Yes with FIPS algorithms | With Managed Keys and FIPS-Compliant HSM |
+| PKI Operations                    | Yes with FIPS algorithms | With Managed Keys and FIPS-Compliant HSM |
+| KMIP (Key Creation & Use)         | Yes with FIPS algorithms | No                                       |
+| Transform Tokenization            | Yes                      | No                                       |
+| Vault Agent TLS & Internal Crypto | Yes                      | No                                       |
+| Vault to External Plugin TLS      | Yes from Vault's side    | No                                       |
+| Plugin to third-party service TLS | Yes from Vault's side    | No                                       |
+| Auth Plugins' Internal Crypto     | Yes with FIPS algorithms | No                                       |