diff --git a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs
index 7a690089..b3aba494 100644
--- a/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs
+++ b/Notation.Plugin.AzureKeyVault.Tests/Command/GenerateSignatureTests.cs
@@ -126,7 +126,7 @@ public async Task RunAsync_default_ReturnsValidGenerateSignatureResponseAsync()
 var request = new GenerateSignatureRequest(
 contractVersion: "1.0",
 keyId: keyId,
- pluginConfig: new Dictionary(){},
+ pluginConfig: new Dictionary() { },
 keySpec: expectedKeySpec,
 hashAlgorithm: "SHA-256",
 payload: Encoding.UTF8.GetBytes("Cg=="));
@@ -166,8 +166,9 @@ public void Constructor_Invalid()
 }
 [Fact]
- public void RunAsync_NoSecertsGetPermission(){
- // Arrange
+ public void RunAsync_NoSecertsGetPermission()
+ {
+ // Arrange
 var keyId = "https://testvault.vault.azure.net/keys/testkey/123";
 var expectedKeySpec = "RSA-2048";
 var mockSignature = new byte[] { 0x01, 0x02, 0x03, 0x04 };
@@ -181,7 +182,7 @@ public void Constructor_Invalid()
 var request = new GenerateSignatureRequest(
 contractVersion: "1.0",
 keyId: keyId,
- pluginConfig: new Dictionary(){},
+ pluginConfig: new Dictionary() { },
 keySpec: expectedKeySpec,
 hashAlgorithm: "SHA-256",
 payload: Encoding.UTF8.GetBytes("Cg=="));
@@ -192,8 +193,9 @@ public void Constructor_Invalid()
 }
 [Fact]
- public void RunAsync_OtherRequestFailedException(){
- // Arrange
+ public void RunAsync_OtherRequestFailedException()
+ {
+ // Arrange
 var keyId = "https://testvault.vault.azure.net/keys/testkey/123";
 var expectedKeySpec = "RSA-2048";
 var mockSignature = new byte[] { 0x01, 0x02, 0x03, 0x04 };
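Review bot: The test name on the rewritten signature line of the second hunk, `RunAsync_NoSecertsGetPermission`, misspells "Secrets"; since that line is already being touched, renaming it to `RunAsync_NoSecretsGetPermission` keeps the test discoverable when searching for the production error text. The method bodies continue outside the hunks, so I cannot tell whether these `void` tests block on the `RunAsync` they are named after; if they do, returning `Task` and awaiting would be the safer shape.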
@@ -207,7 +209,7 @@ public void Constructor_Invalid()
 var request = new GenerateSignatureRequest(
 contractVersion: "1.0",
 keyId: keyId,
- pluginConfig: new Dictionary(){},
+ pluginConfig: new Dictionary() { },
 keySpec: expectedKeySpec,
 hashAlgorithm: "SHA-256",
 payload: Encoding.UTF8.GetBytes("Cg=="));
diff --git a/Notation.Plugin.AzureKeyVault/Command/GenerateSignature.cs b/Notation.Plugin.AzureKeyVault/Command/GenerateSignature.cs
index fcc13439..89ad37a7 100644
--- a/Notation.Plugin.AzureKeyVault/Command/GenerateSignature.cs
+++ b/Notation.Plugin.AzureKeyVault/Command/GenerateSignature.cs
@@ -66,7 +66,8 @@ public async Task RunAsync()
 }
 catch (Azure.RequestFailedException ex)
 {
- if (ex.Message.Contains("does not have secrets get permission")){
+ if (ex.Message.Contains("does not have secrets get permission"))
+ {
 throw new PluginException("The plugin does not have secrets get permission. Please grant the permission to the credential associated with the plugin or specify the file path of the certificate chain bundle through the `ca_certs` parameter in the plugin config.");
 }
 throw;
diff --git a/docs/self-signed-workflow.md b/docs/self-signed-workflow.md
index 914aaba6..c47fb256 100644
--- a/docs/self-signed-workflow.md
+++ b/docs/self-signed-workflow.md
@@ -1,7 +1,7 @@
 # Sign and verify an artifact with a self-signed Azure Key Vault certificate
 > **Warning** Using self-signed certificates are intended for development and testing. Outside of development and testing, a certificate from a trusted CA is recommended.
-
-> **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL
+>
+> **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL.
 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli)
 2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificates`, `GetSecrets` and `Sign` permission for Azure Key Vault have been granted to your role:
 ```sh
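Review bot: The rewritten `if` line in the GenerateSignature.cs hunk still classifies the failure by a substring of `ex.Message`, which is service-controlled text that can change without notice, so the friendlier `PluginException` can silently stop firing and users will get the raw Azure error instead. `Azure.RequestFailedException` exposes `Status` and `ErrorCode`; anchoring the check on the status first, `if (ex.Status == 403 && ex.Message.Contains("secrets get permission", StringComparison.Ordinal))`, makes it more stable while still separating a missing secrets permission from other 403s such as a missing sign permission. The `Contains` call also passes no `StringComparison`, which analyzers flag as CA1307. The try block and the rest of `RunAsync` begin outside the hunk, so I cannot see which Key Vault calls this catch covers.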
@@ -80,7 +80,7 @@
 ```
 The following example output shows the artifact is successfully signed.
- ```
+ ```sh
 Warning: Always sign the artifact using digest(@sha256:...) rather than a tag(:v1) because tags are mutable and a tag reference can point to a different artifact than the one signed.
 Successfully signed notation.azurecr.io/hello-world@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4
 ```
@@ -123,7 +123,7 @@ notation verify $server/hello-world:v1
 ```
 The following output shows the artifact is successfully verified.
- ```
+ ```sh
 Warning: Always verify the artifact using digest(@sha256:...) rather than a tag(:v1) because resolved digest may not point to the same signed artifact, as tags are mutable.
 Successfully verified signature for notation.azurecr.io/hello-world@sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4
 ```