docs(DOC-1834, DOC-1841): FIPS Docker image, 140-3 update, and style fixes

[mfernest]

Summary

Consolidates DOC-1834 (Docker image for FIPS binary) and DOC-1841 (FIPS 140-3 support) into a single PR, since both modify the same page.

DOC-1834: Docker image documentation

• Add == Configure FIPS mode with Docker section with two deployment methods (config file mount / flags)
• Document the FIPS-specific image: docker.redpanda.com/redpandadata/redpanda:<version>-fips
• Add Docker prerequisite callout and learning objective

DOC-1841: FIPS 140-3 support

• Update intro paragraph from FIPS 140-2 to FIPS 140-3
• Add WARNING admonition in Prerequisites: SCRAM passwords must be >= 14 characters before upgrading to 26.1
• Add Limitations bullet for the SCRAM password minimum

Style guide fixes

• Convert backtick code fences to AsciiDoc listing blocks
• Add bridging text before child heading
• Replace banned words (should, ensure, verify)
• Spell out FIPS on first mention
• Remove trailing whitespace
• Update xrefs to canonical paths

Preview page

Configure Redpanda for FIPS
What's New

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Name	Link
🔨 Latest commit	4c2b7c9
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/69cae8fc1fb63300088065a5
😎 Deploy Preview	https://deploy-preview-1630--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

The documentation page for FIPS compliance was updated to standardize terminology, expand deployment guidance, and restructure instructional content. The page metadata was updated with learning objectives, and terminology was refined to consistently use "FIPS-compliant" language. Docker deployment prerequisites were added, including guidance on using versioned FIPS images and Linux host requirements. The limitations section was adjusted to reflect host-level requirements for FIPS mode. A new "Configure FIPS mode with Docker" section replaced the "Suggested reading" section with concrete configuration examples, while existing reference links in the "Next steps" section were retained.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• micheleRP
• KavyaShivashankar

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title clearly identifies the main changes: adding Docker FIPS image documentation and updating to FIPS 140-3, with references to the specific Jira tickets.
Description check	✅ Passed	The PR description is detailed and comprehensive, covering multiple JIRA tickets, specific changes, style guide fixes, and a preview link.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/doc-1834-fips-docker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

modules/manage/pages/security/fips-compliance.adoc (1)

32-32: Use auto-title xrefs instead of hard-coded link text.

Prefer xref:...[] here for consistency with repo AsciiDoc linking conventions.

Suggested doc-only refactor

-Before configuring brokers to run in FIPS mode on Linux, install the `redpanda-rpk-fips` and `redpanda-fips` xref:deploy:deployment-option/self-hosted/manual/production/production-deployment.adoc#install-redpanda-for-fips-compliance[packages].
+Before configuring brokers to run in FIPS mode on Linux, install the `redpanda-rpk-fips` and `redpanda-fips` xref:deploy:deployment-option/self-hosted/manual/production/production-deployment.adoc#install-redpanda-for-fips-compliance[].

-- Redpanda does not support PKCS#12 keys for xref:manage:security/encryption.adoc[TLS encryption] when FIPS mode is enabled. The PKCS12KDF algorithm used in PKCS#12 is not FIPS-compliant. To use Redpanda in FIPS mode with TLS enabled, configure your certificates and keys in PEM format instead.
+- Redpanda does not support PKCS#12 keys for xref:manage:security/encryption.adoc[] when FIPS mode is enabled. The PKCS12KDF algorithm used in PKCS#12 is not FIPS-compliant. To use Redpanda in FIPS mode with TLS enabled, configure your certificates and keys in PEM format instead.

Based on learnings: AsciiDoc linking should prefer xref:...[] so link titles are pulled from target docs automatically.

Also applies to: 40-40

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/manage/pages/security/fips-compliance.adoc` at line 32, Replace the
hard-coded link text in the sentence beginning "Before configuring brokers to
run in FIPS mode on Linux, install the `redpanda-rpk-fips` and `redpanda-fips`
..." with an auto-title AsciiDoc cross-reference by using
xref:deploy:deployment-option/self-hosted/manual/production/production-deployment.adoc#install-redpanda-for-fips-compliance[]
instead of the explicit link text; apply the same change to the other occurrence
mentioned (lines 40-40) so both links use xref:...[] and pull titles
automatically.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@modules/manage/pages/security/fips-compliance.adoc`:
- Line 32: Replace the hard-coded link text in the sentence beginning "Before
configuring brokers to run in FIPS mode on Linux, install the
`redpanda-rpk-fips` and `redpanda-fips` ..." with an auto-title AsciiDoc
cross-reference by using
xref:deploy:deployment-option/self-hosted/manual/production/production-deployment.adoc#install-redpanda-for-fips-compliance[]
instead of the explicit link text; apply the same change to the other occurrence
mentioned (lines 40-40) so both links use xref:...[] and pull titles
automatically.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b3e187ec-6311-465d-b3a1-c26bd1b75e0c

📥 Commits

Reviewing files that changed from the base of the PR and between 4230c3f and 0d3ba66.

📒 Files selected for processing (1)

• modules/manage/pages/security/fips-compliance.adoc

[ivotron]

this could be https://github.com/openssl/openssl/blob/master/README-FIPS.md so that it is version-agnostic

[micheleRP]

fixed, thank you!

[ivotron]

lgtm. minor comment on updating a URL