Make enterprise callouts consistent (#22073)

website/content/api-docs/secret/pki.mdx

@@ -1611,7 +1611,9 @@ source is more consistent with expectations of external apps, but see
 the [PKI Considerations](/vault/docs/secrets/pki/considerations) page
 for a discussion on cluster size and unified CRLs/OCSP.
 
-~> Note: Unified CRLs are a Vault Enterprise only feature.
+<EnterpriseAlert product="vault">
+  Unified CRLs require a Vault Enterprise license or HCP Plus cluster.
+</EnterpriseAlert>
 
 These are unauthenticated endpoints.
 
@@ -1691,7 +1693,9 @@ source is more consistent with expectations of external apps, but see
 the [PKI Considerations](/vault/docs/secrets/pki/considerations) page
 for a discussion on cluster size and unified CRLs/OCSP.
 
-~> Note: Unified OCSP is a Vault Enterprise only feature.
+<EnterpriseAlert product="vault">
+  Unified OCSP requires a Vault Enterprise license or HCP Plus cluster.
+</EnterpriseAlert>
 
 At this time there are certain limitations of the OCSP implementation at this path:
 
@@ -3820,7 +3824,8 @@ the CRL.
   revocations on, to regenerate the delta CRL. Must be shorter than CRL
   expiry.
 
-- `cross_cluster_revocation` `(bool: false)` - Enables cross-cluster revocation
+- `cross_cluster_revocation` `(bool: false)` -
+  <EnterpriseAlert product="vault" inline /> Enables cross-cluster revocation
   request queues. When a serial not issued on this local cluster is presented
   to Vault via the [`/revoke` API](#revoke-certificate), it is replicated
   across clusters and the cluster which issued that certificate will revoke
@@ -3831,11 +3836,10 @@ the CRL.
    cross-cluster revocation request will be created.<br /><br />
    API calls to revoke a certificate with Proof of Possession (PoP) cannot
    be satisfied if the certificate is not available locally and will
-   not result in a cross-cluster revocation request.
+   not result in a cross-cluster revocation request. 
 
-~> Note: `cross_cluster_revocation` is a Vault Enterprise only feature.
+- `unified_crl` `(bool: false)` - 
-
+  <EnterpriseAlert product="vault" inline /> Enables unified CRL and OCSP building. This
-- `unified_crl` `(bool: false)` - Enables unified CRL and OCSP building. This
   synchronizes all revocations between clusters; a single, unified CRL will be
   built on the active node of the primary performance replication (PR)
   cluster. Any node in any PR cluster will be able to serve this unified CRL
@@ -3846,17 +3850,14 @@ the CRL.
    cluster, but revoked via BYOC on another, this option will inform the
    issuing cluster of the revocation.
 
-~> Note: `unified_crl` is a Vault Enterprise only feature.
+- `unified_crl_on_existing_paths` `(bool: false)` -
-
+  <EnterpriseAlert product="vault" inline /> Enables serving the
-- `unified_crl_on_existing_paths` `(bool: false)` - Enables serving the
   unified CRL and OCSP on the existing, previously cluster-local paths
   (e.g., `/pki/crl` will now contain the unified CRL when enabled). This
   allows transitioning AIA-based consumption of CRLs to a unified view
   without having to re-issue certificates or update scripts pulling
   a single CRL.
 
-~> Note: `unified_crl_on_existing_paths` is a Vault Enterprise only feature.
-
 #### Sample payload
 
 ```json

website/content/api-docs/system/config-control-group.mdx

@@ -6,7 +6,7 @@ description: The '/sys/config/control-group' endpoint configures control groups.
 
 # `/sys/config/control-group`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 The `/sys/config/control-group` endpoint is used to configure Control Group
 settings.

website/content/api-docs/system/config-group-policy-application.mdx

@@ -6,7 +6,7 @@ description: The '/sys/config/group-policy-application' endpoint is used to conf
 
 # `/sys/config/group-policy-application`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise Platform.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 The `sys/config/group-policy-application` endpoint can be used to configure the
 mode of policy application for identity groups in Vault. This setting dictates

website/content/api-docs/system/config-reload.mdx

@@ -17,9 +17,7 @@ Currently, it only supports reloading license information from files on disk.
 
 - `subsystem` `(string: <required>)` - Specifies the subsystem for Vault to reload. This is part of the request URL.
 
-## Reload license file
+## Reload license file <EnterpriseAlert product="vault" inline />
-
-~> **Enterprise Only** – This endpoint requires Vault Enterprise.
 
 When the `:subsystem` URL parameter is specified as `license`, Vault re-reads
 the license file if the license was provided using the `license_path` configuration

website/content/api-docs/system/control-group.mdx

@@ -6,7 +6,7 @@ description: The '/sys/control-group' endpoint handles the Control Group workflo
 
 ## Authorize control group request
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 This endpoint authorizes a control group request.
 

website/content/api-docs/system/lease-count-quotas.mdx

@@ -6,7 +6,7 @@ description: The `/sys/quotas/lease-count` endpoint is used to create, edit and
 
 # `/sys/quotas/lease-count`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise Platform.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 The `/sys/quotas/lease-count` endpoint is used to create, edit and delete lease count quotas.
 

website/content/api-docs/system/license.mdx

@@ -8,7 +8,7 @@ description: |-
 
 # `/sys/license/status`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 The `/sys/license/status` endpoint is used to view update the license used in
 Vault.

website/content/api-docs/system/managed-keys.mdx

@@ -99,7 +99,9 @@ $ curl \
 
 #### PKCS#11 backend parameters
 
-~> NOTE: The `pkcs11` backend is only available with Vault Enterprise Plus (HSMs) edition
+<Note>
+  The <code>pkcs11</code> backend is only available with Vault Enterprise plus HSMs
+</Note>
 
 - `type` `(string: "pkcs11")` - To select a PKCS#11 backend, the type parameter must be set to `pkcs11`.
 

website/content/api-docs/system/policies.mdx

@@ -10,7 +10,11 @@ description: >-
 
 The `/sys/policies` endpoints are used to manage ACL, RGP, and EGP policies in Vault.
 
-~> **NOTE**: This endpoint is only available in Vault version 0.9+. Please also note that RGPs and EGPs are Vault Enterprise Premium features and the associated endpoints are not available in Vault Open Source or Vault Enterprise Pro.
+<Note>
+<code>/sys/policies</code> endpoints are only available in Vault version 0.9+.
+RGPs and EGPs are Vault Enterprise upgrade features that are not available in
+Vault Open Source or basic Vault Enterprise installations.
+</Note>
 
 ## List ACL policies
 

website/content/api-docs/system/replication/index.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # `/sys/replication`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 ## Attempt recovery
 

website/content/api-docs/system/replication/replication-dr.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # `/sys/replication/dr`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-only.mdx'
 
 ## Check DR status
 

website/content/api-docs/system/replication/replication-performance.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # `/sys/replication/performance`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 ## Check performance status
 

website/content/api-docs/system/sealwrap-rewrap.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # `/sys/sealwrap/rewrap`
 
-~> **Enterprise Only** – These endpoints require Vault Enterprise.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 The `/sys/sealwrap/rewrap` endpoint is used to rewrap all seal wrapped entries.
 This is useful when you want to upgrade seal wrapped entries to use the latest

website/content/api-docs/system/storage/raftautosnapshots.mdx

@@ -16,7 +16,7 @@ snapshots with Vault's Raft storage backend.
 
 ## Create/update an automated snapshots config
 
--> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
+@include 'alerts/enterprise-and-hcp.mdx'
 
 **This endpoint requires sudo capability.**
 

website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx

@@ -9,7 +9,7 @@ description: |-
 
 # Automated integrated storage snapshots
 
--> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Any production system should include a provision for taking regular backups.
 Vault Enterprise can be configured to take and store snapshots at a specific

website/content/docs/enterprise/automated-upgrades.mdx

@@ -7,10 +7,10 @@ description: |-
 
 # Automated upgrades
 
-~> **Note**: Automated Upgrades requires [Vault Enterprise](https://www.hashicorp.com/products/vault/) to be
+@include 'alerts/enterprise-only.mdx'
-configured to use Integrated Storage.
 
-Vault Enterprise Automated Upgrades allows operators to upgrade the Vault version currently running in a cluster automatically.
+Operators running Vault Enterprise with integrated storage can use automated
+upgrades to upgrade the Vault version currently running in a cluster automatically.
  There are a few different ways to make this upgrade happen,
 and control which versions are being upgraded to. With no additional configuration,
 Vault will check the version of Vault that each node in the cluster is running. If a blue/green

website/content/docs/enterprise/consistency.mdx

@@ -6,6 +6,8 @@ description: Vault Enterprise Consistency Model
 
 # Vault eventual consistency
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 When running in a cluster, Vault has an eventual consistency model.
 Only one node (the leader) can write to Vault's storage.
 Users generally expect read-after-write consistency: in other

website/content/docs/enterprise/control-groups.mdx

@@ -4,9 +4,9 @@ page_title: Vault Enterprise Control Groups
 description: Vault Enterprise has support for Control Group Authorization.
 ---
 
-# Vault enterprise control groups
+# Vault Enterprise control groups
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Vault Enterprise has support for Control Group Authorization. Control Groups
 add additional authorization factors to be required before satisfying a request.

website/content/docs/enterprise/entropy-augmentation.mdx

@@ -8,9 +8,12 @@ description: |-
 
 # Entropy augmentation
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-only.mdx'
 
-~> **Warning** This feature is not available with FIPS 140-2 Inside variants of Vault.
+<Warning>
+  Entropy augmentation <b>is not</b> available with "FIPS 140-2 Inside" variants of
+  Vault.
+</Warning>
 
 Vault Enterprise features a mechanism to sample entropy (or randomness for
 cryptographic operations) from external cryptographic modules via the [seals](/vault/docs/configuration/seal)

website/content/docs/enterprise/fips/fips1402.mdx

@@ -8,7 +8,7 @@ description: |-
 
 # FIPS 140-2 inside
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-only.mdx'
 
 Special builds of Vault Enterprise (marked with a `fips1402` feature name)
 include built-in support for FIPS 140-2 compliance. Unlike using Seal Wrap

website/content/docs/enterprise/fips/index.mdx

@@ -6,6 +6,8 @@ description: An overview of FIPS compliance in Vault.
 
 # FIPS
 
+@include 'alerts/enterprise-only.mdx'
+
 The [Federal Information Processing Standard](https://www.nist.gov/federal-information-standards-fips)
 is a cryptography-focused certification standard for U.S. Government usage.
 

website/content/docs/enterprise/fips/sealwrap.mdx

@@ -9,7 +9,7 @@ description: |-
 
 # Seal wrap for FIPS compliance
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-only.mdx'
 
 Vault Enterprise features a mechanism to wrap values with an extra layer of
 encryption for supporting [seals](/vault/docs/configuration/seal). This adds an

website/content/docs/enterprise/hsm/behavior.mdx

@@ -8,6 +8,8 @@ description: >-
 
 # Vault enterprise HSM behavioral changes
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page contains information about the behavioral differences that take
 effect when using Vault with an HSM.
 

website/content/docs/enterprise/hsm/index.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # Vault enterprise HSM support
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-and-hcp.mdx'
 
 - Root key Wrapping: Vault protects its root key by transiting it through
   the HSM for encryption rather than splitting into key shares

website/content/docs/enterprise/hsm/security.mdx

@@ -6,6 +6,8 @@ description: Recommendations to ensure the security of a Vault Enterprise HSM de
 
 # Vault enterprise HSM security details
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page provides information to help ensure that a Vault HSM deployment is
 performed as securely as possible.
 

website/content/docs/enterprise/lease-count-quotas.mdx

@@ -7,6 +7,8 @@ description: |-
 
 # Lease count quotas
 
+@include 'alerts/enterprise-only.mdx'
+
 Vault features an extension to resource quotas that allows operators to enforce
 limits on how many leases are created. For a given lease count quota, if the
 number of leases in the cluster hits the configured limit, `max_leases`, additional

website/content/docs/enterprise/license/autoloading.mdx

@@ -6,6 +6,8 @@ description: An overview of license autoloading.
 
 # License autoloading
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 Prior to Vault 1.8, Vault Enterprise would be licensed using special binaries
 that contained embedded licenses, or via a license written into Vault storage
 using the [POST sys/license API](/vault/api-docs/system/license#install-license).

website/content/docs/enterprise/license/index.mdx

@@ -6,6 +6,8 @@ description: An overview of license.
 
 # Vault license
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 Licenses and EULA enhancements have been introduced in Vault 1.8 release. Please refer to the [FAQ](/vault/docs/enterprise/license/faq) for common questions concerning these changes.
 
 The [Install a HashiCorp Enterprise License](/vault/tutorials/enterprise/hashicorp-enterprise-license) tutorial provides the instruction to load your Vault license.

website/content/docs/enterprise/license/utilization-reporting.mdx

@@ -7,6 +7,8 @@ description: >-
 
 # Automated license utilization reporting
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 Automated license utilization reporting sends license utilization data to
 HashiCorp without requiring you to manually collect and report them. It also
 lets you review your license usage with the monitoring solution you already use

website/content/docs/enterprise/managed-keys.mdx

@@ -7,6 +7,7 @@ description: >-
 
 # Managed keys
 
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Within certain environments, customers want to leverage key management systems
 external to Vault, when handling, storing, and interacting with

website/content/docs/enterprise/mfa/index.mdx

@@ -8,7 +8,7 @@ description: >-
 
 # Vault enterprise MFA support
 
--> **Note**: This section highlights the Step-up Enterprise MFA feature and its capabilities specifically available for [Vault Enterprise](https://www.hashicorp.com/products/vault/) users.
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Vault Enterprise has support for Multi-factor Authentication (MFA), using
 different authentication types. MFA is built on top of the Identity system of

website/content/docs/enterprise/mfa/mfa-duo.mdx

@@ -6,6 +6,8 @@ description: Vault Enterprise supports Duo MFA type.
 
 # Duo MFA
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page demonstrates the Duo MFA on ACL'd paths of Vault.
 
 ## Configuration

website/content/docs/enterprise/mfa/mfa-okta.mdx

@@ -6,6 +6,8 @@ description: Vault Enterprise supports Okta MFA type.
 
 # Okta MFA
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page demonstrates the Okta MFA on ACL'd paths of Vault.
 
 ## Configuration

website/content/docs/enterprise/mfa/mfa-pingid.mdx

@@ -6,6 +6,8 @@ description: Vault Enterprise supports PingID MFA type.
 
 # PingID MFA
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page demonstrates PingID MFA on ACL'd paths of Vault.
 
 ## Configuration

website/content/docs/enterprise/mfa/mfa-totp.mdx

@@ -6,6 +6,8 @@ description: Vault Enterprise supports TOTP MFA type.
 
 # TOTP MFA
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 This page demonstrates the TOTP MFA on ACL'd paths of Vault.
 
 ## Configuration

website/content/docs/enterprise/namespaces.mdx

@@ -6,14 +6,7 @@ description: >-
   Multi-tenancy (SMT) and self-management.
 ---
 
-# Vault enterprise namespaces
+# Vault Enterprise namespaces
-
-<Note>
-
-This feature is available in all versions of [Vault
-Enterprise](https://www.hashicorp.com/products/vault/).
-
-</Note>
 
 Many organizations implement Vault as a "service", providing centralized
 management for teams within an organization while ensuring that those teams

website/content/docs/enterprise/performance-standby.mdx

@@ -6,7 +6,7 @@ description: Performance Standby Nodes - Vault Enterprise
 
 # Performance standby nodes
 
--> **Note**: This feature requires [Vault Enterprise Premium](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Vault supports a multi-server mode for high availability. This mode protects
 against outages by running multiple Vault servers. High availability mode

website/content/docs/enterprise/pkcs11-provider/aws-xks.mdx

@@ -7,6 +7,8 @@ description: |-
 
 # Vault with AWS KMS external key store (XKS) via PKCS#11 and XKS proxy
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 ~> **Note**: AWS [`xks-proxy`](https://github.com/aws-samples/aws-kms-xks-proxy) is used in this document as a sample implementation.
 
 Vault's KMIP Secrets Engine can be used as an external key store for the AWS KMS [External Key Store (XKS)](https://aws.amazon.com/blogs/aws/announcing-aws-kms-external-key-store-xks/) protocol using the AWS [`xks-proxy`](https://github.com/aws-samples/aws-kms-xks-proxy) along

website/content/docs/enterprise/pkcs11-provider/index.mdx

@@ -9,6 +9,8 @@ description: |-
 
 # PKCS#11 provider
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 [PKCS#11](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html)
 is an open standard C API that provides a means to access cryptographic capabilities on a device.
 For example, it is often used to access a Hardware Security Module (HSM) (like a [Yubikey](https://www.yubico.com/)) from a local program (such as [GPG](https://gnupg.org/)).

website/content/docs/enterprise/pkcs11-provider/oracle-tde.mdx

@@ -7,6 +7,8 @@ description: |-
 
 # Oracle TDE
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 [Oracle Transparent Data Encryption](https://docs.oracle.com/database/121/ASOAG/introduction-to-transparent-data-encryption.htm#ASOAG10270) (TDE)
 is supported with the [Vault PKCS#11 provider](/vault/docs/enterprise/pkcs11-provider).
 In this setup, Vault's KMIP engine generates and store the "TDE Master Encryption Key" that the Oracle Database uses to encrypt and decrypt the "TDE Table Keys".

website/content/docs/enterprise/redundancy-zones.mdx

@@ -7,8 +7,7 @@ description: |-
 
 # Redundancy zones
 
--> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
+@include 'alerts/enterprise-and-hcp.mdx'
-configured to use Integrated Storage.
 
 Vault Enterprise Redundancy Zones provide both read scaling and resiliency benefits by enabling
 the deployment of non-voting nodes alongside voting nodes on a per availability zone basis.

website/content/docs/enterprise/replication.mdx

@@ -7,14 +7,10 @@ description: >-
   recovery workloads.
 ---
 
-# Vault enterprise replication
+# Vault Enterprise replication
 
 ## Overview
-
+ 
--> **Note**: All versions of [Vault Enterprise](https://www.hashicorp.com/products/vault/)
-have support for Disaster Recovery replication. Performance Replication requires
-Vault Enterprise Premium.
-
 Many organizations have infrastructure that spans multiple datacenters. Vault
 provides the critical services of identity management, secrets storage, and
 policy management. This functionality is expected to be highly available and
@@ -87,6 +83,8 @@ secondaries to have a different configuration than their primary.  Tokens and le
 
 ## Performance replication
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 In Performance Replication, secondaries keep track of their own tokens and leases
 but share the underlying configuration, policies, and supporting secrets (K/V values,
 encryption keys for `transit`, etc).

website/content/docs/enterprise/sealwrap.mdx

@@ -8,7 +8,7 @@ description: |-
 
 # Seal wrap
 
--> **Note**: This feature requires [Vault Enterprise Plus](https://www.hashicorp.com/products/vault/).
+@include 'alerts/enterprise-and-hcp.mdx'
 
 Vault Enterprise features a mechanism to wrap values with an extra layer of
 encryption for supporting [seals](/vault/docs/configuration/seal). This adds an

website/content/docs/enterprise/sentinel/examples.mdx

@@ -6,6 +6,8 @@ description: An overview of how Sentinel interacts with Vault Enterprise.
 
 # Examples
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 Following are some examples that help to introduce concepts. If you are
 unfamiliar with writing Sentinel policies in Vault, please read through to
 understand some best practices.

website/content/docs/enterprise/sentinel/index.mdx

@@ -4,15 +4,9 @@ page_title: Vault Enterprise Sentinel Integration
 description: An overview of how Sentinel interacts with Vault Enterprise.
 ---
 
-# Overview
+# Vault Enterprise and Sentinel integration
 
-<Note>
+@include 'alerts/enterprise-and-hcp.mdx'
-
-Sentinel requires [Vault
-Enterprise](https://www.hashicorp.com/products/vault/pricing/) license, or an
-[HCP Vault Plus](/hcp/docs/vault/tiers-and-features#plus-tier) cluster.
-
-</Note>
 
 Vault Enterprise integrates HashiCorp Sentinel to provide a rich set of access
 control functionality. Because Vault is a security-focused product trusted with

website/content/docs/enterprise/sentinel/properties.mdx

@@ -6,6 +6,8 @@ description: An overview of how Sentinel interacts with Vault Enterprise.
 
 # Properties
 
+@include 'alerts/enterprise-and-hcp.mdx'
+
 Vault injects a rich set of data into the running Sentinel environment,
 allowing for very fine-grained controls. The set of available properties are
 enumerated on this page.

website/content/docs/platform/mssql/index.mdx

@@ -7,8 +7,11 @@ description: >-
 
 # Vault EKM provider for SQL server
 
--> **Note**: This feature requires [Vault Enterprise](https://www.hashicorp.com/products/vault/)
+<EnterpriseAlert product="vault">
-with the Advanced Data Protection Key Management module.
+Requires&nbsp;
+<a href="https://www.hashicorp.com/products/vault/pricing">Vault Enterprise</a>
+&nbsp;with <b>Advanced Data Protection Key Management</b> module.
+</EnterpriseAlert>
 
 Microsoft SQL Server supports [Transparent Data Encryption][tde] (TDE). The
 Database Encryption Keys (DEK) can be protected by asymmetric Key Encryption

website/content/partials/alerts/enterprise-and-hcp.mdx

@@ -0,0 +1,6 @@
+<EnterpriseAlert product="vault">
+  <a href="https://www.hashicorp.com/products/vault/pricing">Vault Enterprise</a>
+  &nbsp;license or&nbsp;
+  <a href="/hcp/docs/vault/tiers-and-features#plus-tier">HCP Vault Plus</a>
+  &nbsp;cluster required
+</EnterpriseAlert>

website/content/partials/alerts/enterprise-only.mdx

@@ -0,0 +1,4 @@
+<EnterpriseAlert product="vault">
+  <a href="https://www.hashicorp.com/products/vault/pricing">Vault Enterprise</a>
+  &nbsp; license required
+</EnterpriseAlert>