backport of commit 820f7ee (#21174)

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
hashicorp · Jun 13, 2023 · a27c15a · a27c15a
1 parent a610bec
commit a27c15a
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/website/content/api-docs/secret/pki.mdx b/website/content/api-docs/secret/pki.mdx
@@ -2900,9 +2900,11 @@ request is denied.
 - `no_store` `(bool: false)` - If set, certificates issued/signed against this
   role will not be stored in the storage backend. This can improve performance
   when issuing large numbers of certificates. However, certificates issued in
-  this way cannot be enumerated or revoked, so this option is recommended only
-  for certificates that are non-sensitive, or extremely short-lived. This
-  option implies a value of `false` for `generate_lease`.
+  this way cannot be enumerated or revoked via serial number. Certificates may
+  still be revoked via [BYOC revocation](#certificate-1).
+  This option is recommend only for certificates that are non-sensitive,
+  extremely short-lived, or have high volume/turn-over that would prohibit
+  storage. This option implies a value of `false` for `generate_lease`.
 
 - `require_cn` `(bool: true)` - If set to false, makes the `common_name` field
   optional while generating a certificate.