From 051bff52beb66cfbd6f082d996f4966d4ea30456 Mon Sep 17 00:00:00 2001 From: "Scott G. Miller" Date: Wed, 24 Sep 2025 13:11:13 -0500 Subject: [PATCH 1/2] Document password policy entropy source --- .../content/api-docs/system/policies-password.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx index 9e17f8403d..95bb2ec85f 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx @@ -40,6 +40,11 @@ generation times. base64-encoded to avoid string escaping. See [Password Policy Syntax](/vault/docs/concepts/password-policies#password-policy-syntax) for details on password policy definitions. +- `entropy_source` `(string: "")` - Specifies the source of entropy + (randomness) used to generate the passwords. The default ("") and + "platform" source randomness from the platform RNG. "seal" (enterprise + only) sources entropy from the entropy augmentation. + ### Sample payload ```json From fbebd27ad3fc263a8e43cd61635bc883b3e1573d Mon Sep 17 00:00:00 2001 From: "Scott G. Miller" Date: Thu, 25 Sep 2025 16:19:56 -0500 Subject: [PATCH 2/2] clarify difference between empty string and platform, accept other suggestions --- .../content/api-docs/system/policies-password.mdx | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx index 95bb2ec85f..36f7370e11 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/policies-password.mdx 
@@ -40,11 +40,13 @@ generation times. base64-encoded to avoid string escaping. See [Password Policy Syntax](/vault/docs/concepts/password-policies#password-policy-syntax) for details on password policy definitions. -- `entropy_source` `(string: "")` - Specifies the source of entropy - (randomness) used to generate the passwords. The default ("") and - "platform" source randomness from the platform RNG. "seal" (enterprise - only) sources entropy from the entropy augmentation. + `entropy_source` `(string: "")` - Specifies an override to the default source of entropy + (randomness) used to generate the passwords. Must be one of: + - "" - source randomness from the default source. + - `platform` - source randomness from the platform RNG. + - `seal` - source entropy from the entropy augmentation. + ### Sample payload ```json
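Review bot: In patch 1/2, the new `entropy_source` bullet does not say what happens when `"seal"` is requested where entropy augmentation is unavailable (a non-enterprise build, or a seal without it configured), or when the value is none of the three listed. State whether the policy write is rejected or generation falls back to the platform RNG, since an operator who picks `seal` needs to know passwords are never drawn from a different source than the one requested. "the entropy augmentation" also reads as an unfinished phrase; linking it to the entropy augmentation documentation would fix that.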
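Review bot: In patch 2/2, the `""` item ("source randomness from the default source") is circular: it never names the default, so the difference from `platform` that the commit subject sets out to clarify is still unstated. Say what the default resolves to and under which configuration it differs from `platform`. The `seal` item also drops the "(enterprise only)" qualifier that patch 1/2 carried, and the parent `entropy_source` line as shown no longer starts with the `- ` list marker, which would detach it and its three nested items from the parameter list. For consistency, `""` should be in backticks like `platform` and `seal`.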