From 06fe3232d26f4d99207098bac933b60576c0c34e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Thu, 6 Nov 2025 17:45:29 +0100
Subject: [PATCH 1/6] private CA connections converted to snippets

---
 .../apikeys-local-ece-remote-private.md       | 36 ++++++++++++++
 .../apikeys-local-ece-remote-public.md        |  3 +-
 .../apikeys-local-ech-remote-private.md       | 35 ++++++++++++++
 .../apikeys-local-ech-remote-public.md        |  3 +-
 .../rcs-elasticsearch-api-snippet-self.md     |  6 ++-
 .../rcs-elasticsearch-api-snippet.md          |  4 +-
 .../_snippets/rcs-kibana-api-snippet-self.md  |  4 +-
 .../_snippets/rcs-kibana-api-snippet.md       |  4 +-
 .../remote-clusters/ec-remote-cluster-ece.md  | 47 +++++--------------
 .../ec-remote-cluster-other-ess.md            |  2 +-
 .../ec-remote-cluster-same-ess.md             |  2 +-
 .../ec-remote-cluster-self-managed.md         | 32 ++-----------
 .../ece-remote-cluster-ece-ess.md             |  2 +-
 .../ece-remote-cluster-other-ece.md           | 46 +++++-------------
 .../ece-remote-cluster-same-ece.md            |  2 +-
 .../ece-remote-cluster-self-managed.md        | 32 ++-----------
 16 files changed, 120 insertions(+), 140 deletions(-)
 create mode 100644 deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
 create mode 100644 deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md

diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
new file mode 100644
index 0000000000..81d00ffb93
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -0,0 +1,36 @@
+<!--
+This snippet is in use in the following locations:
+- xxx
+
+It requires remote_type substitution to be defined
+-->
+1. [Log into the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
+2. On the **Deployments** page, select your deployment.
+
+    Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
+
+3. Access the **Security** page of the deployment.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+    1. Fill both fields.
+
+        * For the **Setting name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+        * For the **Secret**, paste the encoded cross-cluster API key.
+
+    2. Click **Add** to save the API key to the keystore.
+    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote deployment or cluster.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+    ::::{note}
+    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+    ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
index efcd7836a4..62887da11e 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
@@ -13,11 +13,10 @@
 
     2. Click **Add** to save the API key to the keystore.
 
-5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+5. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
 
     ::::{note}
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-
 If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
new file mode 100644
index 0000000000..0ce4135d3e
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
@@ -0,0 +1,35 @@
+<!--
+This snippet is in use in the following locations:
+- xxx
+
+It requires remote_type substitution to be defined
+-->
+1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
+2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
+
+    On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
+
+3. From the navigation menu, select **Security**.
+4. Select **Remote Connections > Add trusted environment** and choose **{{remote_type}}**. Then click **Next**.
+5. Select **API keys** as authentication mechanism and click **Next**.
+6. When asked whether the Certificate Authority (CA) of the remote environment’s proxy or load-balancing infrastructure is public, select **No, it is private**.
+7. Add the API key:
+
+    1. Fill both fields.
+
+        * For the **Remote cluster name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+
+    2. Click **Add** to save the API key to the keystore.
+    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
+
+8. Add the CA certificate of the remote deployment or cluster.
+9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
+10. Select **Create trust** to complete the configuration.
+11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
+
+    ::::{note}
+    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+    ::::
+
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
\ No newline at end of file
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
index 5d91cfb8dd..a0cc0d1e45 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
@@ -13,11 +13,10 @@
 
     2. Click **Add** to save the API key.
 
-5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+5. Restart the local deployment to reload the new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.
 
     ::::{note}
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-
 If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
index 55b8e8f24b..1060e90113 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
@@ -2,12 +2,14 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
+- ece-enable-ccs-for-eck.md
+- ec-enable-ccs-for-eck.md
 -->
-To configure a self-managed cluster as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
+To add a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
 
 * `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
 * `mode`: `proxy`
-* `proxy_address`: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
+* `proxy_address`: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
 
   Make sure you use the correct port for your authentication method:
   * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
index 82167d9272..53d072c5ff 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md
@@ -13,7 +13,7 @@ To configure a deployment as a remote cluster, use the [cluster update settings
 
 * `Remote cluster alias`: When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI as **Remote cluster name**.
 * `mode`: `proxy`
-* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section. 
+* `proxy_address`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
    
    Using the API, this value can be obtained from the {{es}} resource info, concatenating the field `metadata.endpoint` and port `9400` using a semicolon.
 
@@ -21,7 +21,7 @@ To configure a deployment as a remote cluster, use the [cluster update settings
   If you’re using API keys as security model, change the port to `9443`.
   ::::
 
-* `server_name`: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section. 
+* `server_name`: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
    
    Using the API, this can be obtained from the {{es}} resource info field `metadata.endpoint`.
 
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
index 5ad7bd9089..25f580826c 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
@@ -2,6 +2,8 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
+- ece-enable-ccs-for-eck.md
+- ec-enable-ccs-for-eck.md
 -->
 1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select **Add a remote cluster**.
@@ -12,7 +14,7 @@ This snippet is in use in the following locations:
     * **Remote cluster name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
 
       When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
-    * **Remote address**: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port.
+    * **Remote address**: Enter the endpoint of the remote cluster, including the hostname, FQDN, or IP address, and the port.
 
       Make sure you use the correct port for your authentication method:
       * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
index e56faeb21a..3c8a19cc81 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet.md
@@ -18,7 +18,7 @@ It requires remote_type substitution to be defined
 
       When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
 
-    * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
+    * **Remote address**: This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Proxy address** from the **Remote cluster parameters** section.
 
       ::::{note}
       If you’re using API keys as security model, change the port to `9443`.
@@ -27,7 +27,7 @@ It requires remote_type substitution to be defined
     * **Configure advanced options** (optional): Expand this section if you need to customize additional settings.
       * **TLS server name**: Specify a value if the certificate presented by the remote cluster is signed for a different name than the remote address.
 
-        This value can be found on the **Security** page of the {{remote_type}} you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
+        This value can be found on the **Security** page of the {{remote_type}} deployment you want to use as a remote. Copy the **Server name** from the **Remote cluster parameters** section.
 
       * **Socket connections**: Define the number of connections to open with the remote cluster.
 
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
index 476ce601e9..d0550cc704 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
@@ -9,7 +9,7 @@ applies_to:
 products:
   - id: cloud-hosted
 sub:
-  remote_type: Elastic Cloud Enterprise deployment
+  remote_type: Elastic Cloud Enterprise
 ---
 
 # Connect {{ech}} deployments to an {{ece}} environment [ec-remote-cluster-ece]
@@ -58,47 +58,24 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 ::::
 
-
 ::::{dropdown} The CA is private
-1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
-
-    On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **{{ece}}**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
-    1. Fill both fields.
 
-        * For the **Remote cluster name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
+Before configuring the local deployment, retrieve the CA certificate of the remote {{ece}} environment’s proxy or load-balancing infrastructure. To find this certificate:
 
-    2. Click **Add** to save the API key to the keystore.
-    3. Repeat these steps for each API key you want to add. For example, if you want to use several deployments of the remote environment for CCR or CCS.
+1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
+2. Select **Show certificate chain** under **Proxy**.
+3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
 
-7. Add the CA certificate of the private proxy or load balancing infrastructure of the remote environment. To find this certificate:
+    :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
+    :alt: Certificate to copy from the chain
+    :::
 
-    1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
-    2. Select **Show certificate chain** under **Proxy**.
-    3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
-    4. Save that file as `.crt`. It is now ready to be uploaded.
+4. Save that file as `.crt`.
 
-        :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
-        :alt: Certificate to copy from the chain
-        :::
+You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
 
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
-
-    ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-    ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ech-remote-private.md
+:::
 
 ::::
 ::::::
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
index 0c815ff348..7275d09010 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md
@@ -8,7 +8,7 @@ applies_to:
 products:
   - id: cloud-hosted
 sub:
-  remote_type: Elastic Cloud Hosted deployment
+  remote_type: Elastic Cloud Hosted
 ---
 
 # Connect to deployments in another {{ecloud}} organization [ec-remote-cluster-other-ess]
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
index d9c838abca..df7d4e794f 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md
@@ -8,7 +8,7 @@ applies_to:
 products:
   - id: cloud-hosted
 sub:
-  remote_type: Elastic Cloud Hosted deployment
+  remote_type: Elastic Cloud Hosted
 ---
 
 # Connect to deployments in the same {{ecloud}} organization [ec-remote-cluster-same-ess]
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
index 55dba71592..687f3cfb77 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
@@ -8,6 +8,8 @@ applies_to:
     self: ga
 products:
   - id: cloud-hosted
+sub:
+  remote_type: Self-managed
 ---
 
 # Connect {{ech}} deployments to self-managed clusters [ec-remote-cluster-self-managed]
@@ -54,35 +56,9 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 
 ::::{dropdown} The CA is private
-1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
-2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
 
-    On the **Hosted deployments** page you can narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **Self-managed**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
-    1. Fill both fields.
-
-        * For the **Remote cluster name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
-
-    2. Click **Add** to save the API key to the keystore.
-    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the remote self-managed environment.
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
-
-    ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-    ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ech-remote-private.md
+:::
 
 ::::
 ::::::
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md b/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
index 3ff8e83f6a..f1ec743a9c 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-ece-ess.md
@@ -9,7 +9,7 @@ applies_to:
 products:
   - id: cloud-enterprise
 sub:
-  remote_type: Elastic Cloud Hosted deployment
+  remote_type: Elastic Cloud Hosted
 ---
 
 # Connect {{ece}} deployments to an {{ecloud}} organization [ece-remote-cluster-ece-ess]
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
index 6acac7e01c..a2bc979520 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
@@ -8,7 +8,7 @@ applies_to:
 products:
   - id: cloud-enterprise
 sub:
-  remote_type: Elastic Cloud Enterprise deployment
+  remote_type: Elastic Cloud Enterprise
 ---
 
 # Connect to deployments in a different {{ece}} environment [ece-remote-cluster-other-ece]
@@ -58,45 +58,23 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 
 ::::{dropdown} The CA is private
-1. [Log into the Cloud UI](../deploy/cloud-enterprise/log-into-cloud-ui.md).
-2. On the **Deployments** page, select your deployment.
 
-    Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
+Before configuring the local deployment, retrieve the CA certificate of the remote {{ece}} environment's proxy or load-balancing infrastructure. To find this certificate:
 
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **{{ece}}**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
+1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
+2. Select **Show certificate chain** under **Proxy**.
+3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
 
-    1. Fill both fields.
+    :::{image} /deploy-manage/images/cloud-enterprise-remote-clusters-proxy-certificate.png
+    :alt: Certificate to copy from the chain
+    :::
 
-        * For the **Setting name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Secret**, paste the encoded cross-cluster API key.
+4. Save that file as `.crt`.
 
-    2. Click **Add** to save the API key to the keystore.
-    3. Repeat these steps for each API key you want to add. For example, if you want to use several deployments of the remote environment for CCR or CCS.
+You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
 
-7. Add the CA certificate of the private proxy or load balancing infrastructure of the remote environment. To find this certificate:
-
-    1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
-    2. Select **Show certificate chain** under **Proxy**.
-    3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
-    4. Save that file as `.crt`. It is now ready to be uploaded.
-
-        :::{image} /deploy-manage/images/cloud-enterprise-remote-clusters-proxy-certificate.png
-        :alt: Certificate to copy from the chain
-        :::
-
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
-
-    ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-    ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ece-remote-private.md
+:::
 
 ::::
 ::::::
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md b/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
index 4b3e01c7b9..3fb576a60b 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-same-ece.md
@@ -8,7 +8,7 @@ applies_to:
 products:
   - id: cloud-enterprise
 sub:
-  remote_type: Elastic Cloud Enterprise deployment
+  remote_type: Elastic Cloud Enterprise
 ---
 
 # Connect to deployments in the same {{ece}} environment [ece-remote-cluster-same-ece]
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
index 401c0fa104..2c94f609a5 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
@@ -8,6 +8,8 @@ applies_to:
     self: ga
 products:
   - id: cloud-enterprise
+sub:
+  remote_type: Self-managed
 ---
 
 # Connect {{ece}} deployments to self-managed clusters [ece-remote-cluster-self-managed]
@@ -55,35 +57,9 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 
 ::::{dropdown} The CA is private
-1. [Log into the Cloud UI](../deploy/cloud-enterprise/log-into-cloud-ui.md).
-2. On the **Deployments** page, select your deployment.
 
-    Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
-
-3. Access the **Security** page of the deployment.
-4. Select **Remote Connections > Add trusted environment** and choose **Self-managed**. Then click **Next**.
-5. Select **API keys** as authentication mechanism and click **Next**.
-6. Add a the API key:
-
-    1. Fill both fields.
-
-        * For the **Setting name**, enter the the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Secret**, paste the encoded cross-cluster API key.
-
-    2. Click **Add** to save the API key to the keystore.
-    3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
-
-7. Add the CA certificate of the remote self-managed environment.
-8. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page.
-9. Select **Create trust** to complete the configuration.
-10. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
-
-    ::::{note}
-    If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-    ::::
-
-
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+:::{include} _snippets/apikeys-local-ece-remote-private.md
+:::
 
 ::::
 ::::::

From f7211a060bdd988c4daf4e2c91f9d399bc5befb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Thu, 6 Nov 2025 22:27:29 +0100
Subject: [PATCH 2/6] comments updated

---
 .../_snippets/apikeys-local-ece-remote-private.md          | 3 ++-
 .../_snippets/apikeys-local-ece-remote-public.md           | 7 +++++++
 .../_snippets/apikeys-local-ech-remote-private.md          | 3 ++-
 .../_snippets/apikeys-local-ech-remote-public.md           | 7 +++++++
 .../_snippets/rcs-elasticsearch-api-snippet-self.md        | 2 --
 .../_snippets/rcs-kibana-api-snippet-self.md               | 2 --
 6 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
index 81d00ffb93..0f261eb8bc 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -1,6 +1,7 @@
 <!--
 This snippet is in use in the following locations:
-- xxx
+- ece-remote-cluster-self-managed.md
+- ece-remote-cluster-other-ece.md
 
 It requires remote_type substitution to be defined
 -->
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
index 62887da11e..88d0d66afd 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
@@ -1,3 +1,10 @@
+<!--
+This snippet is in use in the following locations:
+- ece-remote-cluster-self-managed.md
+- ece-remote-cluster-same-ece.md
+- ece-remote-cluster-other-ece.md
+- ece-remote-cluster-ece-ess.md
+-->
 1. [Log into the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
 2. On the **Deployments** page, select your deployment.
 
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
index 0ce4135d3e..6a48505fac 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
@@ -1,6 +1,7 @@
 <!--
 This snippet is in use in the following locations:
-- xxx
+- ec-remote-cluster-self-managed.md
+- ec-remote-cluster-ece.md
 
 It requires remote_type substitution to be defined
 -->
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
index a0cc0d1e45..9f21e7c47b 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
@@ -1,3 +1,10 @@
+<!--
+This snippet is in use in the following locations:
+- ec-remote-cluster-self-managed.md
+- ec-remote-cluster-same-ess.md
+- ec-remote-cluster-other-ess.md
+- ec-remote-cluster-ece.md
+-->
 1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
 2. On the home page, find your hosted deployment and select **Manage** to access it directly. Or, select **Hosted deployments** to go to the **Hosted deployments** page to view all of your deployments.
 
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
index 1060e90113..7aa6cd014e 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
@@ -2,8 +2,6 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
-- ece-enable-ccs-for-eck.md
-- ec-enable-ccs-for-eck.md
 -->
 To add a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
 
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
index 25f580826c..46c102530d 100644
--- a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
+++ b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
@@ -2,8 +2,6 @@
 This snippet is in use in the following locations:
 - ece-remote-cluster-self-managed.md
 - ec-remote-cluster-self-managed.md
-- ece-enable-ccs-for-eck.md
-- ec-enable-ccs-for-eck.md
 -->
 1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select **Add a remote cluster**.

From 51e1b0ee53662a2082cedcce1dc0cf44534165c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Thu, 6 Nov 2025 23:03:21 +0100
Subject: [PATCH 3/6] extra snippet and refinement

---
 .../_snippets/apikeys-local-ece-remote-private.md |  6 +++---
 .../_snippets/apikeys-local-ech-remote-private.md |  2 +-
 .../remote-clusters/_snippets/retrieve-ece-ca.md  | 14 ++++++++++++++
 .../ec-edit-remove-trusted-environment.md         |  4 ++--
 .../remote-clusters/ec-remote-cluster-ece.md      | 15 ++-------------
 .../ece-edit-remove-trusted-environment.md        | 14 +++++++-------
 .../ece-remote-cluster-other-ece.md               | 15 ++-------------
 7 files changed, 31 insertions(+), 39 deletions(-)
 create mode 100644 deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md

diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
index 0f261eb8bc..6473d1171d 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -18,13 +18,13 @@ It requires remote_type substitution to be defined
 
     1. Fill both fields.
 
-        * For the **Setting name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
-        * For the **Secret**, paste the encoded cross-cluster API key.
+        * For the **Remote cluster name**, enter the alias of your choice. You will use this alias to connect to the remote cluster later. It must be lowercase and only contain letters, numbers, dashes and underscores.
+        * For the **Cross-cluster API key**, paste the encoded cross-cluster API key.
 
     2. Click **Add** to save the API key to the keystore.
     3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
 
-8. Add the CA certificate of the remote deployment or cluster.
+8. Add the CA certificate of the remote environment.
 9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
 10. Select **Create trust** to complete the configuration.
 11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
index 6a48505fac..e7cc9e4379 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
@@ -24,7 +24,7 @@ It requires remote_type substitution to be defined
     2. Click **Add** to save the API key to the keystore.
     3. Repeat these steps for each API key you want to add. For example, if you want to use several clusters of the remote environment for CCR or CCS.
 
-8. Add the CA certificate of the remote deployment or cluster.
+8. Add the CA certificate of the remote environment.
 9. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment's **Security** page.
 10. Select **Create trust** to complete the configuration.
 11. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page, locate the **Actions** menu, and select **Restart {{es}}**.
diff --git a/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
new file mode 100644
index 0000000000..71927be6b6
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
@@ -0,0 +1,14 @@
+Before configuring the local deployment, retrieve the CA certificate of the remote ECE proxy. To find this certificate:
+
+1. In the remote ECE environment, go to **Platform > Settings > TLS certificates**.
+2. Select **Show certificate chain** under **Proxy**.
+3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
+
+    :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
+    :alt: Certificate to copy from the chain
+    :::
+
+4. Save that file as `.crt`.
+
+You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
+
diff --git a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
index 70a782d342..0556e2b8e7 100644
--- a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
@@ -72,13 +72,13 @@ If you need to update the permissions granted by a cross-cluster API key for a r
 4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
 5. Add the new API key by selecting **Add API key**.
 
-    * For the **Setting name**, enter the same alias that was used for the previous key.
+    * For the **Remote cluster name**, enter the same alias that was used for the previous key.
 
       ::::{note}
       If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
       ::::
 
-    * For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
+    * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
 
 6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
 
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
index 4c35eed582..b80cffea85 100644
--- a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
+++ b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md
@@ -63,19 +63,8 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 ::::{dropdown} The CA is private
 
-Before configuring the local deployment, retrieve the CA certificate of the remote {{ece}} environment’s proxy or load-balancing infrastructure. To find this certificate:
-
-1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
-2. Select **Show certificate chain** under **Proxy**.
-3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
-
-    :::{image} /deploy-manage/images/cloud-remote-clusters-proxy-certificate.png
-    :alt: Certificate to copy from the chain
-    :::
-
-4. Save that file as `.crt`.
-
-You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
+:::{include} _snippets/retrieve-ece-ca.md
+:::
 
 :::{include} _snippets/apikeys-local-ech-remote-private.md
 :::
diff --git a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
index 54b870ad44..cf4176a2f8 100644
--- a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
@@ -68,17 +68,17 @@ If you need to update the permissions granted by a cross-cluster API key for a r
 
 1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
 2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. Go to the **Security** page of the local deployment and locate the **Remote connections** section.
+3. From the navigation menu, select **Security** and locate the **Remote connections** section.
 4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
-5. Add the new API key by selecting **Add an API key**.
+5. Add the new API key by selecting **Add API key**.
 
-   * For the **Setting name**, enter the same alias that was used for the previous key.
+    * For the **Remote cluster name**, enter the same alias that was used for the previous key.
 
-     ::::{note}
-     If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
-     ::::
+      ::::{note}
+      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
+      ::::
 
-   * For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
+    * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
 
 6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
 
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
index 7088c70cab..9acba46756 100644
--- a/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
+++ b/deploy-manage/remote-clusters/ece-remote-cluster-other-ece.md
@@ -62,19 +62,8 @@ The steps to follow depend on whether the Certificate Authority (CA) of the remo
 
 ::::{dropdown} The CA is private
 
-Before configuring the local deployment, retrieve the CA certificate of the remote {{ece}} environment's proxy or load-balancing infrastructure. To find this certificate:
-
-1. In the remote {{ece}} environment, go to **Platform > Settings > TLS certificates**.
-2. Select **Show certificate chain** under **Proxy**.
-3. Click **Copy root certificate** and paste it into a new file. The root certificate is the last certificate shown in the chain.
-
-    :::{image} /deploy-manage/images/cloud-enterprise-remote-clusters-proxy-certificate.png
-    :alt: Certificate to copy from the chain
-    :::
-
-4. Save that file as `.crt`.
-
-You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
+:::{include} _snippets/retrieve-ece-ca.md
+:::
 
 :::{include} _snippets/apikeys-local-ece-remote-private.md
 :::

From d7e02b1fe9dba527d5d00ecfe94cd56e9c36947d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Thu, 6 Nov 2025 23:33:25 +0100
Subject: [PATCH 4/6] manage trusted environments converted to snippets

---
 .../apikeys-local-ece-remote-private.md       |  2 +-
 .../apikeys-local-ece-remote-public.md        |  2 +-
 .../apikeys-local-ech-remote-private.md       |  2 +-
 .../apikeys-local-ech-remote-public.md        |  2 +-
 .../trusted-environment-change-api-key.md     | 27 +++++++
 .../_snippets/trusted-environment-manage.md   |  6 ++
 .../trusted-environment-remove-cert.md        | 17 +++++
 .../trusted-environment-update-cert.md        | 15 ++++
 .../ec-edit-remove-trusted-environment.md     | 72 +++----------------
 .../ece-edit-remove-trusted-environment.md    | 72 +++----------------
 10 files changed, 87 insertions(+), 130 deletions(-)
 create mode 100644 deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
 create mode 100644 deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md
 create mode 100644 deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md
 create mode 100644 deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md

diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
index 6473d1171d..53fa2c2e66 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -33,5 +33,5 @@ It requires remote_type substitution to be defined
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
 
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
index 88d0d66afd..c90dce8320 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-public.md
@@ -26,4 +26,4 @@ This snippet is in use in the following locations:
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#ece-edit-remove-trusted-environment-api-key).
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
index e7cc9e4379..b99d1b1b5d 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-private.md
@@ -33,4 +33,4 @@ It requires remote_type substitution to be defined
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
\ No newline at end of file
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
\ No newline at end of file
diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
index 9f21e7c47b..b18e85989d 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ech-remote-public.md
@@ -26,4 +26,4 @@ This snippet is in use in the following locations:
     If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
     ::::
 
-If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#ec-edit-remove-trusted-environment-api-key).
+If you need to update the remote connection with different permissions later, refer to [Change a cross-cluster API key used for a remote connection](/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md#edit-remove-trusted-environment-api-key).
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
new file mode 100644
index 0000000000..c865184aa3
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
@@ -0,0 +1,27 @@
+This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
+
+::::{note}
+If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
+::::
+
+
+1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
+2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
+3. From the navigation menu, select **Security** and locate the **Remote connections** section.
+4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
+5. Add the new API key by selecting **Add API key**.
+
+    * For the **Remote cluster name**, enter the same alias that was used for the previous key.
+
+      ::::{note}
+      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
+      ::::
+
+    * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
+
+6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+
+   ::::{note}
+   If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
+   ::::
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md
new file mode 100644
index 0000000000..7bd95a7fbe
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-manage.md
@@ -0,0 +1,6 @@
+From a deployment's **Security** page, you can manage trusted environments that were created previously. This can happen when:
+
+* You no longer need a trusted environment and want to remove it.
+* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
+* You want to remove or update the access level granted by a cross-cluster API key.
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md
new file mode 100644
index 0000000000..d6df3a98a6
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-remove-cert.md
@@ -0,0 +1,17 @@
+By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
+
+::::{note}
+With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Change a cross-cluster API key used for a remote connection](#edit-remove-trusted-environment-api-key).
+::::
+
+1. Go to the deployment's **Security** page.
+2. In the list of trusted environments, locate the one you want to remove.
+3. Remove it using the corresponding `delete` icon.
+
+   :::{image} /deploy-manage/images/cloud-delete-trust-environment.png
+   :alt: button for deleting a trusted environment
+   :::
+
+1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
+2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+
diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md
new file mode 100644
index 0000000000..fe53ce133b
--- /dev/null
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-update-cert.md
@@ -0,0 +1,15 @@
+1. Go to the deployment's **Security** page.
+2. In the list of trusted environments, locate the one you want to edit.
+3. Open its details by selecting the `Edit` icon.
+
+   :::{image} /deploy-manage/images/cloud-edit-trust-environment.png
+   :alt: button for editing a trusted environment
+   :::
+
+4. Edit the trust configuration for that environment:
+
+   * From the **Trust level** tab, you can add or remove trusted deployments.
+   * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
+
+5. Save your changes.
+
diff --git a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
index 0556e2b8e7..6ac840ac9c 100644
--- a/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
@@ -11,77 +11,23 @@ products:
 
 # Manage trusted environments for remote connections in {{ech}} [ec-edit-remove-trusted-environment]
 
-From a deployment’s **Security** page, you can manage trusted environments that were created previously. This can happen when:
-
-* You no longer need a trusted environment and want to remove it.
-* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
-* You want to remove or update the access level granted by a cross-cluster API key.
+:::{include} _snippets/trusted-environment-manage.md
+:::
 
 
 ## Remove a certificate-based trusted environment [ec_remove_a_trusted_environment]
 
-By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
-
-::::{note}
-With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Change a cross-cluster API key used for a remote connection](#ec-edit-remove-trusted-environment-api-key).
-::::
-
-
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to remove.
-3. Remove it using the corresponding `delete` icon.
-
-   :::{image} /deploy-manage/images/cloud-delete-trust-environment.png
-   :alt: button for deleting a trusted environment
-   :::
-
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+:::{include} _snippets/trusted-environment-remove-cert.md
+:::
 
 
 ## Update a certificate-based trusted environment [ec_update_a_certificate_based_trusted_environment]
 
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to edit.
-3. Open its details by selecting the `Edit` icon.
-
-   :::{image} /deploy-manage/images/cloud-edit-trust-environment.png
-   :alt: button for editing a trusted environment
-   :::
-
-4. Edit the trust configuration for that environment:
-
-   * From the **Trust level** tab, you can add or remove trusted deployments.
-   * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
-
-5. Save your changes.
-
-
-## Change a cross-cluster API key used for a remote connection [ec-edit-remove-trusted-environment-api-key]
-
-This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
-
-::::{note}
-If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
-::::
-
-
-1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
-2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. From the navigation menu, select **Security** and locate the **Remote connections** section.
-4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
-5. Add the new API key by selecting **Add API key**.
-
-    * For the **Remote cluster name**, enter the same alias that was used for the previous key.
-
-      ::::{note}
-      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
-      ::::
+:::{include} _snippets/trusted-environment-update-cert.md
+:::
 
-    * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
 
-6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+## Change a cross-cluster API key used for a remote connection [edit-remove-trusted-environment-api-key]
 
-   ::::{note}
-   If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-   ::::
+:::{include} _snippets/trusted-environment-change-api-key.md
+:::
diff --git a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
index cf4176a2f8..0a8090be7f 100644
--- a/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
+++ b/deploy-manage/remote-clusters/ece-edit-remove-trusted-environment.md
@@ -11,77 +11,23 @@ products:
 
 # Manage trusted environments for remote connections in {{ece}} [ece-edit-remove-trusted-environment]
 
-From a deployment’s **Security** page, you can manage trusted environments that were created previously. This can happen when:
-
-* You no longer need a trusted environment and want to remove it.
-* You want to refresh the certificate, or add or remove trusted deployments of an existing trusted environment relying on certificates as a security model.
-* You want to remove or update the access level granted by a cross-cluster API key.
+:::{include} _snippets/trusted-environment-manage.md
+:::
 
 
 ## Remove a certificate-based trusted environment [ece_remove_a_trusted_environment]
 
-By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
-
-::::{note}
-With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer to [Update the access level of a remote cluster connection relying on a cross-cluster API key](#ece-edit-remove-trusted-environment-api-key).
-::::
-
-
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to remove.
-3. Remove it using the corresponding `delete` icon.
-
-   :::{image} /deploy-manage/images/cloud-enterprise-delete-trust-environment.png
-   :alt: button for deleting a trusted environment
-   :::
-
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.
+:::{include} _snippets/trusted-environment-remove-cert.md
+:::
 
 
 ## Update a certificate-based trusted environment [ece_update_a_certificate_based_trusted_environment]
 
-1. Go to the deployment’s **Security** page.
-2. In the list of trusted environments, locate the one you want to edit.
-3. Open its details by selecting the `Edit` icon.
-
-   :::{image} /deploy-manage/images/cloud-enterprise-edit-trust-environment.png
-   :alt: button for editing a trusted environment
-   :::
-
-4. Edit the trust configuration for that environment:
-
-   * From the **Trust level** tab, you can add or remove trusted deployments.
-   * From the **Environment settings** tab, you can manage the certificates and the label of the environment.
-
-5. Save your changes.
-
-
-## Change a cross-cluster API key used for a remote connection [ece-edit-remove-trusted-environment-api-key]
-
-This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.
-
-::::{note}
-If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in {{kib}}.
-::::
-
-
-1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
-2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. From the navigation menu, select **Security** and locate the **Remote connections** section.
-4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
-5. Add the new API key by selecting **Add API key**.
-
-    * For the **Remote cluster name**, enter the same alias that was used for the previous key.
-
-      ::::{note}
-      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
-      ::::
+:::{include} _snippets/trusted-environment-update-cert.md
+:::
 
-    * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
 
-6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
+## Change a cross-cluster API key used for a remote connection [edit-remove-trusted-environment-api-key]
 
-   ::::{note}
-   If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
-   ::::
+:::{include} _snippets/trusted-environment-change-api-key.md
+:::

From 34d823e7ed7a36f979721adfd2261022ee392ea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Thu, 6 Nov 2025 23:40:26 +0100
Subject: [PATCH 5/6] link fixed

---
 .../_snippets/trusted-environment-change-api-key.md         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
index c865184aa3..c64b299051 100644
--- a/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
+++ b/deploy-manage/remote-clusters/_snippets/trusted-environment-change-api-key.md
@@ -5,16 +5,16 @@ If you need to update the permissions granted by a cross-cluster API key for a r
 ::::
 
 
-1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](../api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
+1. On the deployment you will use as remote, use the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-create-cross-cluster-api-key) or [{{kib}}](/deploy-manage/api-keys/elasticsearch-api-keys.md) to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for {{ccs}} or {{ccr}}.
 2. Copy the encoded key (`encoded` in the response) to a safe location. You will need it in the next steps.
-3. From the navigation menu, select **Security** and locate the **Remote connections** section.
+3. From the navigation menu of your local deployment, select **Security** and locate the **Remote connections** section.
 4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.
 5. Add the new API key by selecting **Add API key**.
 
     * For the **Remote cluster name**, enter the same alias that was used for the previous key.
 
       ::::{note}
-      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
+      If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Remote cluster name** that matches the new alias.
       ::::
 
     * For the **Cross-cluster API key**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.

From bf9c2ecf70233f55d06f3e8588a1954ca1bf58e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?=
 <25320357+eedugon@users.noreply.github.com>
Date: Fri, 7 Nov 2025 13:09:40 +0100
Subject: [PATCH 6/6] Apply suggestions from code review

Co-authored-by: Vlada Chirmicci <vlada.chirmicci@elastic.co>
---
 .../_snippets/apikeys-local-ece-remote-private.md             | 2 +-
 deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
index 53fa2c2e66..cb69f1a66d 100644
--- a/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
+++ b/deploy-manage/remote-clusters/_snippets/apikeys-local-ece-remote-private.md
@@ -5,7 +5,7 @@ This snippet is in use in the following locations:
 
 It requires remote_type substitution to be defined
 -->
-1. [Log into the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
+1. [Log in to the Cloud UI](/deploy-manage/deploy/cloud-enterprise/log-into-cloud-ui.md).
 2. On the **Deployments** page, select your deployment.
 
     Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
diff --git a/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
index 71927be6b6..47989a6784 100644
--- a/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
+++ b/deploy-manage/remote-clusters/_snippets/retrieve-ece-ca.md
@@ -8,7 +8,7 @@ Before configuring the local deployment, retrieve the CA certificate of the remo
     :alt: Certificate to copy from the chain
     :::
 
-4. Save that file as `.crt`.
+4. Save the file as `.crt`.
 
-You can now proceed to configure the local deployment. The CA file you just saved will be used in one of the following steps.
+You can now proceed to configure the local deployment. The CA file you saved will be used in one of the following steps.