Merge pull request #178591 from jlichwa/patch-187

PRMerger20 · web-flow · commit 9d1e71df17f2 · 2021-11-03T16:19:58.000-07:00
Update about-secrets.md
diff --git a/articles/key-vault/secrets/about-secrets.md b/articles/key-vault/secrets/about-secrets.md
@@ -24,7 +24,7 @@ Key Vault also supports a contentType field for secrets. Clients may specify the
 
 ## Encryption
 
-All secrets in your Key Vault are stored encrypted. This encryption is transparent, and requires no action from the user. The Azure Key Vault service encrypts your secrets when you add them, and decrypts them automatically when you read them. The encryption key is unique to each key vault.
+All secrets in your Key Vault are stored encrypted. Key Vault encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant. In all regions other than China, the root of that key hierarchy is protected by a module that is validated for FIPS 140-2 Level 2 or higher. In China, the root of that hierarchy is protected by a module that is validated for FIPS 140-2 Level 1. This encryption is transparent, and requires no action from the user. The Azure Key Vault service encrypts your secrets when you add them, and decrypts them automatically when you read them. The encryption key is unique to each key vault.
 
 ## Secret attributes
 
