backport of commit 32ba53f

website/content/docs/secrets/pki/cieps.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: Certificate Issuance External Policy (CIEPS) | PKI - Secrets Engines
-description: An overview of the Certificate Issuance External Policy (CIEPS) protocol
+page_title: Certificate Issuance External Policy Service (CIEPS)
+description: >-
+   High-level architecture overview and service APIs used by the PKI secrets engine when communicating with the Certificate Issuance External Policy Service (CIEPS).
 ---
 
-# PKI secrets engine - Certificate Issuance External Policy Service (CIEPS) <EnterpriseAlert inline="true" />
+# Certificate Issuance External Policy Service (CIEPS) <EnterpriseAlert inline="true" />
 
 This document covers high-level architecture and service APIs used by the
 Vault PKI Secrets Engine when communicating with the Certificate Issuance

website/content/docs/secrets/pki/cmpv2.mdx

@@ -1,10 +1,10 @@
 ---
 layout: docs
-page_title: Certificate Management Protocol v2 (CMPv2) within Vault | PKI - Secrets Engines
+page_title: Certificate Management Protocol v2 (CMPv2)
 description: An overview of the Certificate Management Protocol (v2) implementation within Vault.
 ---
 
-# PKI secrets engine - Certificate Management Protocol v2 (CMPv2) <EnterpriseAlert inline="true" />
+# Certificate Management Protocol v2 (CMPv2) <EnterpriseAlert inline="true" />
 
 This document summarizes Vault's PKI Secrets Engine
 implementation of the [CMPv2 protocol](https://datatracker.ietf.org/doc/html/rfc4210) <EnterpriseAlert inline="true" />,

website/content/docs/secrets/pki/considerations.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Considerations'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'PKI secrets engine considerations'
+description: >-
+   Understand the important considerations and guidance before using the PKI secrets engine to generate certificates before using the PKI secrets engine. 
 ---
 
-# PKI secrets engine - considerations
+# PKI secrets engine considerations
 
 To successfully deploy this secrets engine, there are a number of important
 considerations to be aware of, as well as some preparatory steps that should be

website/content/docs/secrets/pki/est.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: Enrollment over Secure Transport (EST) within Vault | PKI - Secrets Engines
-description: An overview of the Enrollment over Secure Transport protocol implementation within Vault.
+page_title: Enrollment over Secure Transport (EST)
+description: >-
+   Understand the configuration and limitations of Vault's PKI secrets engine implementation of the Enrollment over Secure Transport (EST) protocol.
 ---
 
-# PKI secrets engine - Enrollment over Secure Transport (EST) <EnterpriseAlert inline="true" />
+# Enrollment over Secure Transport (EST) <EnterpriseAlert inline="true" />
 
 This document covers configuration and limitations of Vault's PKI Secrets Engine
 implementation of the [EST protocol](https://datatracker.ietf.org/doc/html/rfc7030) <EnterpriseAlert inline="true" />.

website/content/docs/secrets/pki/index.mdx

@@ -1,14 +1,22 @@
 ---
 layout: docs
-page_title: PKI - Secrets Engines
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: PKI secrets engine
+description: Dynamically generate X.509 certificates with the PKI secrets engine plugin.
 ---
 
 # PKI secrets engine
 
 @include 'x509-sha1-deprecation.mdx'
 
--> **Vault as Consul CA provider:** If you are using Vault 1.11.0+ as a Connect CA, run a Consul version which includes the fix for [GH-15525](https://github.com/hashicorp/consul/pull/15525). Refer to this [Knowledge Base article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for more details.
+<Note title="Vault as Consul CA provider">
+
+If you are using Vault 1.11.0+ as a Connect CA, run a Consul version which
+includes the fix for [GH-15525](https://github.com/hashicorp/consul/pull/15525).
+Refer to this [Knowledge Base
+article](https://support.hashicorp.com/hc/en-us/articles/11308460105491) for
+more details.
+
+</Note>
 
 The PKI secrets engine generates dynamic X.509 certificates. With this secrets
 engine, services can get certificates without going through the usual manual

website/content/docs/secrets/pki/quick-start-intermediate-ca.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Quick Start: Intermediate CA Setup'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'Quick start: intermediate CA setup'
+description: >-
+   Set up a PKI secrets engine to create an intermediate authority using the root authority to sign the intermediate's certificate. 
 ---
 
-# PKI secrets engine - quick start - intermediate CA setup
+# Quick start: intermediate CA setup
 
 In the [first Quick Start guide](/vault/docs/secrets/pki/quick-start-root-ca),
 certificates were issued directly from the root certificate authority.

website/content/docs/secrets/pki/quick-start-root-ca.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Quick Start: Root CA Setup'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'Quick start: root CA setup'
+description: >-
+   Set up a PKI secrets engine with a root CA certificate. 
 ---
 
-# PKI secrets engine - quick start - root CA setup
+# Quick start: root CA setup
 
 This document provides a brief overview of setting up a Vault PKI Secrets
 Engine with a Root CA certificate.

website/content/docs/secrets/pki/rotation-primitives.mdx

@@ -1,7 +1,8 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engine: Rotation Primitives'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: 'PKI secrets engine - rotation primitives'
+description: >-
+   Understand the primitive certificate types for root and intermediate CA rotation.  
 ---
 
 # PKI secrets engine - rotation primitives

website/content/docs/secrets/pki/setup.mdx

@@ -1,10 +1,11 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engines: Setup and Usage'
-description: The PKI secrets engine for Vault generates TLS certificates.
+page_title: Set up and use the PKI secrets engine
+description: >-
+   Enable and configure the PKI secrets engine to generates TLS certificates. 
 ---
 
-# PKI secrets engine - setup and usage
+# Set up and use the PKI secrets engine
 
 This document provides a brief overview of the setup and usage of the PKI
 Secrets Engine.

website/content/docs/secrets/pki/troubleshooting-acme.mdx

@@ -1,10 +1,10 @@
 ---
 layout: docs
-page_title: 'PKI - Secrets Engine: Troubleshooting ACME'
-description: Troubleshoot problems with ACME clients and Vault PKI Secrets Engine's ACME server.
+page_title: Troubleshoot PKI secrets engine and ACME
+description: Troubleshoot problems with ACME clients and Vault PKI secrets engine's ACME server.
 ---
 
-# Troubleshoot PKI Secrets Engine and ACME
+# Troubleshoot PKI secrets engine and ACME
 
 Solve common problems related to ACME client integration with Vault PKI
 Secrets Engine's ACME server.

website/content/partials/x509-sha1-deprecation.mdx

@@ -1,5 +1,9 @@
-~> **Note**: This engine can use external X.509 certificates as part of TLS or signature validation.
-   Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer
-   usable without a workaround starting in Vault 1.12. See the
-   [deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
-   for more information.
+<Note>
+
+This engine can use external X.509 certificates as part of TLS or signature validation.
+Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer
+usable without a workaround starting in Vault 1.12. See the
+[deprecation FAQ](/vault/docs/deprecation/faq#q-what-is-the-impact-of-removing-support-for-x-509-certificates-with-signatures-that-use-sha-1)
+for more information.
+
+</Note>