hashicorp · schavis · Dec 19, 2024 · Dec 18, 2024
@@ -1,16 +1,12 @@
 ---
 layout: docs
-page_title: SSH - Secrets Engines
-description: |-
-  The Vault SSH secrets engine provides secure authentication and authorization
-  for access to machines via the SSH protocol. There are two modes to the Vault
-  SSH secrets engine including signed SSH certificates and one-time passwords.
+page_title: SSH secrets engine
+description: >-
+  Securely access machines via the SSH protocol using the SSH secrets engine plugin. It supports signed SSH certificates and one-time password modes.
 ---
 
 # SSH secrets engine
 
-Name: `ssh`
-
 The Vault SSH secrets engine provides secure authentication and authorization
 for access to machines via the SSH protocol. The Vault SSH secrets engine helps
 manage access to machine infrastructure, providing several ways to issue SSH

@@ -1,16 +1,14 @@
 ---
 layout: docs
-page_title: One-Time SSH Passwords (OTP) - SSH - Secrets Engines
-description: |-
-  The One-Time SSH Password (OTP) SSH secrets engine type allows a Vault server
-  to issue a One-Time Password every time a client wants to SSH into a remote
-  host using a helper command on the remote host to perform verification.
+page_title: One-time SSH passwords
+description: >-
+  Issue a one-time password every time a client connects to a remote machine via SSH using a helper command on the host to perform verification.
 ---
 
-# One-Time SSH passwords
+# One-time SSH passwords
 
 The One-Time SSH Password (OTP) SSH secrets engine type allows a Vault server to
-issue a One-Time Password every time a client wants to SSH into a remote host
+issue a one-time password every time a client wants to SSH into a remote host
 using a helper command on the remote host to perform verification.
 
 An authenticated client requests credentials from the Vault server and, if

@@ -1,23 +1,20 @@
 ---
 layout: docs
-page_title: Signed SSH Certificates - SSH - Secrets Engines
+page_title: Signed SSH certificates
 description: >-
-  The signed SSH certificates is the simplest and most powerful in terms of
-
-  setup complexity and in terms of being platform agnostic. When using this
-
-  type, an SSH CA signing key is generated or configured at the secrets engine's
-  mount.
-
-  This key will be used to sign other SSH keys.
+  Generate an SSH CA signing key with the SSH secrets engine to securely connect to a remote machine.
 ---
 
 # Signed SSH certificates
 
 The signed SSH certificates is the simplest and most powerful in terms of setup
 complexity and in terms of being platform agnostic. By leveraging Vault's
 powerful CA capabilities and functionality built into OpenSSH, clients can SSH
-into target hosts using their own local SSH keys.
+into target hosts using their own local SSH keys. 
+
+When using the signed SSH certificates, an SSH CA signing key is generated or
+configured at the secrets engine's mount. This key will be used to sign other
+SSH keys.
 
 In this section, the term "**client**" refers to the person or machine
 performing the SSH operation. The "**host**" refers to the target machine. If

@@ -1,14 +1,13 @@
 ---
 layout: docs
-page_title: FF3-1 Tweak Usage Documentation
-description: |-
-  Details and best practices for FF3-1 transform usage. 
+page_title: FF3-1 tweak usage
+description: >-
+  Follow the best practices for using the FF3-1 algorithm when performing format preserving encryption (FPE) with the transform secrets engine. 
 ---
-# FF3-1 tweak usage documentation
 
-## Introduction 
+# FF3-1 tweak usage documentation
 
-The Vault Transform Secrets Engine uses the FF3-1 algorithm for FPE 
+The Vault's transform secrets engine uses the FF3-1 algorithm for FPE 
 (format preserving encryption) transformations. The key benefit of format
 preserving encryption schemes is that it allows for the secure encryption 
 of plaintexts over small domain spaces [1]. However, this comes with 

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Transform - Secrets Engines
+page_title: Transform secrets engine
 description: >-
-  The Transform secrets engine for Vault performs secure data transformation.
+  Perform secure data transformation and tokenization with the Transform secrets engine plugin.
 ---
 
 # Transform secrets engine
@@ -369,7 +369,7 @@ in Manual below.
 
 ### Via the API
 
-First, the wrapping key needs to be read from the transform secrets engine:
+First, the wrapping key needs to be read from the Transform secrets engine:
 
 ```text
 $ vault read transform/wrapping_key
@@ -416,7 +416,7 @@ either SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.
 6. Base64 encode the result.
 
 For more details on the key wrapping process, see the [key wrapping guide](/vault/docs/secrets/transit/key-wrapping-guide)
-(be sure to use the transform wrapping key when wrapping a key for import into the transform secrets engine).
+(be sure to use the transform wrapping key when wrapping a key for import into the Transform secrets engine).
 
 ## API
 

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Transform - Secrets Engines - Tokenization
+page_title: Tokenization transform
 description: >-
-  More information on the Tokenization transform.
+  Perform data tokenization with the transform secrets engine. It increases the irreversibility of the highly sensitive data.
 ---
 
 # Tokenization transform

@@ -1,9 +1,8 @@
 ---
 layout: docs
-page_title: Transit - Secrets Engines
+page_title: Transit secrets engine
 description: >-
-  The transit secrets engine for Vault encrypts/decrypts data in-transit. It
-  doesn't store any secrets.
+  Encrypt and decrypt data in-transit with the transit secrets engine plugin. It provides "encryption as a service" and does not store the data itself.
 ---
 
 # Transit secrets engine

@@ -1,8 +1,8 @@
 ---
 layout: docs
-page_title: Key Wrapping for Transit Key Import - Transit - Secrets Engines
-description: |-
-  Details about wrapping keys for import into the transit secrets engine.
+page_title: Key wrapping for transit key import
+description: >-
+  Import the externally generated encryption key into the transit secrets engine and use that to encrypt/decrypt data in-transit.
 ---
 
 # Key wrapping for transit key import