(DOCSP-20564)+(DOCSP-20596) KMIP Update (#791)

Author: biniona-mongodb

source/figures/CSFLE_Data_Key_KMIP.png

@@ -1,20 +1,20 @@
-title: Configure Your KMIP KMS
-ref: configure-kmip-kms
+title: Configure Your KMIP Provider
+ref: configure-kmip-provider
 content: |
 
-  To connect a MongoDB driver client to your KMIP KMS, you must configure your KMS
-  such that it accepts your client's TLS certificate.
+  To connect a MongoDB driver client to your KMIP provider, you must configure
+  your KMIP provider such that it accepts your client's TLS certificate.
 
-  Consult the documentation for your KMIP KMS for information on how
-  to accept your client certificate with your specific KMS.
+  Consult the documentation for your KMIP provider for information on how
+  to accept your client certificate.
 
 ---
 title: Specify your Certificates
 ref: specify-certificates
 content: |
 
-  Your client must connect to your KMIP KMS through TLS and present
-  a client certificate accepted by your KMS server.
+  Your client must connect to your KMIP provider through TLS and present
+  a client certificate that your KMIP provider accepts.
 
   .. tabs-drivers::
 
@@ -32,7 +32,7 @@ content: |
 
         .. note:: Configure Client With SSLContext
 
-           If you would rather configure your KMIP client using an SSL context, use the 
+           If you would rather configure your KMIP provider-client using an SSL context, use the 
            `kmsProviderSslContextMap <{+java-api+}/apidocs/mongodb-driver-core/com/mongodb/ClientEncryptionSettings.Builder.html#kmsProviderSslContextMap(java.util.Map)>`__
            method.
 
@@ -41,12 +41,12 @@ title: Create a New Data Encryption Key
 ref: create-a-new-data-key
 content: |
   To encrypt your data, you need a data encryption key generated from your
-  KMS-hosted **master key**. The following diagram shows the requests you need
+  KMIP provider-hosted **master key**. The following diagram shows the requests you need
   to make from the client application to create and store a new **data
   encryption key**:
 
-  .. image:: /figures/CSFLE_Data_Key_KMS.png
-     :alt: Diagram that describes creating a data encryption key when using a KMS provider
+  .. image:: /figures/CSFLE_Data_Key_KMIP.png
+     :alt: Diagram that describes creating a data encryption key when using a KMIP provider
 
   1. First, specify the following information to access the master key:
 
@@ -63,23 +63,23 @@ content: |
           - No
           - The ``keyId`` field of a 96 byte
             `Secret Data managed object <http://docs.oasis-open.org/kmip/spec/v1.4/os/kmip-spec-v1.4-os.html#_Toc490660780>`__
-            stored in your KMIP KMS.
+            stored in your KMIP provider.
 
             .. note:: Create a New Master Key
 
                If you do not specify the ``keyId`` field in the ``masterKey`` document
-               you send to your KMIP KMS, the driver creates a new
-               96 Byte Secret Data managed object in your KMS to act as your
+               you send to your KMIP provider, the driver creates a new
+               96 Byte Secret Data managed object in your KMIP provider to act as your
                master key. 
 
         * - endpoint
           - Yes
-          - The URI of your KMIP KMS.
+          - The URI of your KMIP provider.
 
   2. Once you have the required information, update and run the following code
      to generate the new data encryption key:
      
-  .. include:: /includes/substitute-placeholders.rst
+  .. include:: /includes/substitute-placeholders-kmip.rst
 
   .. tabs-drivers::
 
@@ -90,7 +90,7 @@ content: |
 
            Map<String, Map<String, Object>> kmsProviderProperties = new HashMap<>();
            Map<String, Object> providerDetails = new HashMap<>();
-           providerDetails.put("endpoint", "<KMIP KMS URI>");
+           providerDetails.put("endpoint", "<KMIP provider URI>");
            kmsProviderProperties.put(kmsProvider,  providerDetails);
            String keyVaultCollection = "<MongoDB namespace where you store your keys>"
 
@@ -112,7 +112,7 @@ content: |
 
         .. note::
 
-           To use a KMIP KMS, you must use `mongodb-crypt <https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt>`__
+           To use a KMIP provider, you must use `mongodb-crypt <https://mvnrepository.com/artifact/org.mongodb/mongodb-crypt>`__
            version 1.3 or later in your application's environment.
 
 ---
@@ -124,4 +124,4 @@ content: |
   with your new data encryption key ID.
 
   Your client application is now ready to automatically encrypt your data
-  using the master key on your KMS provider.
+  using the master key on your KMIP provider.

source/includes/steps-fle-convert-to-a-remote-master-key-kmip.yaml

@@ -0,0 +1,21 @@
+.. note:: Placeholder Text
+
+    You must substitute all text in quotes and angle brackets with
+    your KMIP provider configuration values.
+
+    For example, the Java code prompts you to include a KMIP provider URI
+    as follows:
+
+    .. code-block:: java
+       :copyable: false
+
+       providerDetails.put("endpoint", "<KMIP provider URI>");
+
+    If your KMIP provider URI is "localhost:5696", substitute
+    the text as follows:
+
+    .. code-block:: java
+       :copyable: false
+
+       providerDetails.put("endpoint", "localhost:5696");
+

source/includes/substitute-placeholders-kmip.rst

@@ -25,7 +25,7 @@ Currently, MongoDB drivers support the following Key Management Providers:
 - `Amazon Web Services KMS <https://aws.amazon.com/kms/>`__
 - `Azure Key Vault <https://azure.microsoft.com/en-us/services/key-vault/>`__
 - `Google Cloud Platform Key Management <https://cloud.google.com/security-key-management>`__
-- `Any KMIP Compliant KMS <https://docs.oasis-open.org/kmip/spec/v1.0/os/kmip-spec-1.0-os.html>`__
+- `Any KMIP provider <https://docs.oasis-open.org/kmip/spec/v1.0/os/kmip-spec-1.0-os.html>`__
 - Local KMS provider
 
 Once you complete the steps in this guide, you should have:
@@ -93,8 +93,8 @@ provider:
 
       .. include:: /includes/steps/fle-convert-to-a-remote-master-key-gcp.rst
 
-   .. tab:: KMIP KMS
-      :tabid: kmip-kms
+   .. tab:: KMIP Provider
+      :tabid: kmip-provider
 
       .. include:: /includes/steps/fle-convert-to-a-remote-master-key-kmip.rst