openshift · xenolinux · Nov 14, 2025 · Nov 14, 2025
diff --git a/modules/secrets-store-aws.adoc b/modules/secrets-store-aws.adoc
@@ -15,22 +15,22 @@ endif::[]
 [id="secrets-store-aws_{context}"]
 = Mounting secrets from {secrets-store-provider}
 
-You can use the {secrets-store-operator} to mount secrets from {secrets-store-provider} to a CSI volume in {product-title}. To mount secrets from {secrets-store-provider}, your cluster must be installed on AWS and use AWS Security Token Service (STS).
+You can use the {secrets-store-operator} to mount secrets from {secrets-store-provider} external secrets store to a Container Storage Interface (CSI) volume in {product-title}.
 
 .Prerequisites
 
-* Your cluster is installed on AWS and uses AWS Security Token Service (STS).
-* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions.
-* You have configured {secrets-store-provider} to store the required secrets.
-* You have extracted and prepared the `ccoctl` binary.
-* You have installed the `jq` CLI tool.
 * You have access to the cluster as a user with the `cluster-admin` role.
+* You have installed the `jq` tool.
+* You have extracted and prepared the `ccoctl` utility.
+* You have installed the cluster on {aws-first} and the cluster uses {aws-short} Security Token Service (STS).
+* You have installed the {secrets-store-operator}. For more information, see "Installing the {secrets-store-driver}".
+* You have configured {secrets-store-provider} to store the required secrets.
 
 .Procedure
 
 . Install the {secrets-store-provider} provider:
 
-.. Create a YAML file with the following configuration for the provider resources:
+.. Create a YAML file by using the following example configuration:
 +
 [IMPORTANT]
 ====
@@ -148,24 +148,23 @@ $ oc adm policy add-scc-to-user privileged -z csi-secrets-store-provider-aws -n
 $ oc apply -f aws-provider.yaml
 ----
 
-. Grant permission to allow the service account to read the AWS secret object:
+. Grant the read permission to the service account for the AWS secret object:
 
 .. Create a directory to contain the credentials request by running the following command:
 +
 [source,terminal]
 ----
-$ mkdir credentialsrequest-dir-aws
+$ mkdir <aws_creds_directory_name>
 ----
 
-.. Create a YAML file with the following configuration for the credentials request:
+.. Create a YAML file that defines the `CredentialsRequest` resource configuration. See the following example configuration:
 +
-.Example `credentialsrequest.yaml` file
 [source,yaml]
 ----
 apiVersion: cloudcredential.openshift.io/v1
 kind: CredentialsRequest
 metadata:
-  name: aws-provider-test
+  name: aws-creds-request
   namespace: openshift-cloud-credential-operator
 spec:
   providerSpec:
@@ -191,10 +190,10 @@ endif::aws-systems-manager-parameter-store[]
     name: aws-creds
     namespace: my-namespace
   serviceAccountNames:
-  - aws-provider
+  - <service_account_name>
 ----
 
-.. Retrieve the OIDC provider by running the following command:
+.. Retrieve the OpenID Connect (OIDC) provider by running the following command:
 +
 [source,terminal]
 ----
@@ -214,8 +213,8 @@ Copy the OIDC provider name `<oidc_provider_name>` from the output to use in the
 ----
 $ ccoctl aws create-iam-roles \
     --name my-role --region=<aws_region> \
-    --credentials-requests-dir=credentialsrequest-dir-aws \
-    --identity-provider-arn arn:aws:iam::<aws_account>:oidc-provider/<oidc_provider_name> --output-dir=credrequests-ccoctl-output
+    --credentials-requests-dir=<aws_creds_dir_name> \
+    --identity-provider-arn arn:aws:iam::<aws_account_id>:oidc-provider/<oidc_provider_name> --output-dir=<output_dir_name>
 ----
 +
 .Example output

diff --git a/modules/secrets-store-azure.adoc b/modules/secrets-store-azure.adoc
@@ -4,29 +4,29 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="secrets-store-azure_{context}"]
-= Mounting secrets from Azure Key Vault
+= Mounting secrets from {azure-short} Key Vault
 
-You can use the {secrets-store-operator} to mount secrets from Azure Key Vault to a CSI volume in {product-title}. To mount secrets from Azure Key Vault, your cluster must be installed on Microsoft Azure.
+You can use the {secrets-store-operator} to mount secrets from {azure-first} Key Vault to a Container Storage Interface (CSI) volume in {product-title}. To mount secrets from {azure-short} Key Vault.
 
 .Prerequisites
 
-* Your cluster is installed on Azure.
-* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions.
-* You have configured Azure Key Vault to store the required secrets.
-* You have installed the Azure CLI (`az`).
+* Your have installed a cluster on {azure-short}.
 * You have access to the cluster as a user with the `cluster-admin` role.
+* You have installed the {azure-short} CLI (`az`).
+* You have installed the {secrets-store-operator}. See "Installing the {secrets-store-driver}" for instructions.
+* You have configured {azure-short} Key Vault to store the required secrets.
 
 .Procedure
 
-. Install the Azure Key Vault provider:
+. Install the {azure-short} Key Vault provider:
 
-.. Create a YAML file with the following configuration for the provider resources:
+.. Create a YAML file named `azure-provider.yaml` that defines the `ServiceAccount` resource configuration. See the following example configuration:
 +
 [IMPORTANT]
 ====
-The Azure Key Vault provider for the {secrets-store-driver} is an upstream provider.
+The {azure-short} Key Vault provider for the {secrets-store-driver} is an upstream provider.
 
-This configuration is modified from the configuration provided in the upstream link:https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/getting-started/installation/[Azure documentation] so that it works properly with {product-title}. Changes to this configuration might impact functionality.
+This configuration is modified from the configuration provided in the upstream link:https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/getting-started/installation/[{azure-short} documentation] so that it works properly with {product-title}. Changes to this configuration might impact functionality.
 ====
 +
 .Example `azure-provider.yaml` file
@@ -197,11 +197,11 @@ $ oc -n my-namespace label secret secrets-store-creds secrets-store.csi.k8s.io/u
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
-  name: my-azure-provider                 <1>
-  namespace: my-namespace                 <2>
+  name: my-azure-provider                 #<1>
+  namespace: my-namespace                 #<2>
 spec:
-  provider: azure                         <3>
-  parameters:                             <4>
+  provider: azure                         #<3>
+  parameters:                             #<4>
     usePodIdentity: "false"
     useVMManagedIdentity: "false"
     userAssignedIdentityID: ""
@@ -235,8 +235,8 @@ $ oc create -f secret-provider-class-azure.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: my-azure-deployment                            <1>
-  namespace: my-namespace                              <2>
+  name: my-azure-deployment                            #<1>
+  namespace: my-namespace                              #<2>
 spec:
   replicas: 1
   selector:
@@ -263,14 +263,14 @@ spec:
             driver: secrets-store.csi.k8s.io
             readOnly: true
             volumeAttributes:
-              secretProviderClass: "my-azure-provider" <3>
+              secretProviderClass: "my-azure-provider" #<3>
             nodePublishSecretRef:
-              name: secrets-store-creds                <4>
+              name: secrets-store-creds                #<4>
 ----
 <1> Specify the name for the deployment.
 <2> Specify the namespace for the deployment. This must be the same namespace as the secret provider class.
 <3> Specify the name of the secret provider class.
-<4> Specify the name of the Kubernetes secret that contains the service principal credentials to access Azure Key Vault.
+<4> Specify the name of the Kubernetes secret that contains the service principal credentials to access {azure-short} Key Vault.
 
 .. Create the `Deployment` object by running the following command:
 +
@@ -281,7 +281,7 @@ $ oc create -f deployment.yaml
 
 .Verification
 
-* Verify that you can access the secrets from Azure Key Vault in the pod volume mount:
+* Verify that you can access the secrets from {azure-short} Key Vault in the pod volume mount:
 
 .. List the secrets in the pod mount:
 +