diff --git a/website/content/api-docs/secret/pki.mdx b/website/content/api-docs/secret/pki.mdx
index f691c18fea079..b8b5000881656 100644
--- a/website/content/api-docs/secret/pki.mdx
+++ b/website/content/api-docs/secret/pki.mdx
@@ -2900,9 +2900,11 @@ request is denied.
 - `no_store` `(bool: false)` - If set, certificates issued/signed against this
   role will not be stored in the storage backend. This can improve performance
   when issuing large numbers of certificates. However, certificates issued in
-  this way cannot be enumerated or revoked, so this option is recommended only
-  for certificates that are non-sensitive, or extremely short-lived. This
-  option implies a value of `false` for `generate_lease`.
+  this way cannot be enumerated or revoked via serial number. Certificates may
+  still be revoked via [BYOC revocation](#certificate-1).
+  This option is recommend only for certificates that are non-sensitive,
+  extremely short-lived, or have high volume/turn-over that would prohibit
+  storage. This option implies a value of `false` for `generate_lease`.
 
 - `require_cn` `(bool: true)` - If set to false, makes the `common_name` field
   optional while generating a certificate.