
Commit

Apply suggestions from code review
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
erikgb and SgtCoDFish authored Nov 27, 2023
1 parent f53b43d commit 1d832da
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions content/docs/trust/trust-manager/README.md
@@ -91,8 +91,9 @@ spec:
- `inLine` - a manually specified string containing at least one certificate
- `useDefaultCAs` - usually, a bundle of publicly trusted certificates

`ConfigMap` is the default target resource type, but trust-manager also supports `Secret` as targets
(since trust-manager v0.7.0), but that feature has to be explicitly enabled on the controller.
`ConfigMap` is the default target type, but as of v0.7.0 trust-manager also supports `Secret` resources as targets.

Support for `Secret` targets must be explicitly enabled in the trust-manager controller; see details below under "Enable Secret targets".

All sources and target options are documented in the trust-manager [API reference documentation](./api-reference.md).

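Review bot: the new sentence "see details below under "Enable Secret targets"" is a bare textual cross-reference, which goes stale silently if that heading is ever renamed; since the very next line already uses a markdown link for the API reference, an anchor link to the "Enable Secret targets" section would be consistent and keeps the reference checkable. Otherwise the split into two sentences reads better than the removed run-on ("... but trust-manager also supports ... but that feature has to be ...").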
@@ -101,17 +102,15 @@ All sources and target options are documented in the trust-manager [API referenc
All `Bundle` targets are written to `ConfigMap`s (and/or `Secret`s) whose name matches that of the
`Bundle`, and every target has a PEM-formatted bundle included.

Users can also optionally choose to write JKS/PKCS#12 formatted binary trust store(s) to the target.
JKS is supported since trust-manager v0.5.0, while v0.7.0 add support for PKCS#12.
Users can also optionally choose to write JKS/PKCS#12 formatted binary trust store(s) to targets.
JKS has been supported since v0.5.0, and PKCS#12 since v0.7.0.

We understand that any binary trust store require a password, even though trust bundles don't contain
secrets. Both JKS and PKCS#12 uses weak encryption primitives, so a trust store (or keystore) will NOT
be protected by a password alone, and needs to be protected by additional measures.
Please understand that trust-manager provides these binary trust store formats to support legacy
applications which do not support other formats.
At present passwords to trust stores provided by trust-manager are hard-coded to `changeit` for JKS and
`"""` (empty string; so called password-less) for PKCS#12 but this might be configurable on bundles
in a future release of trust-manager.
At present, passwords for trust stores are hard-coded to `changeit` for JKS and `""` (the empty string or "passwordless") for PKCS#12. Future releases of trust-manager may make this configurable.

#### Namespace Selector

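Review bot: the unchanged context lines directly above the edited paragraph still carry two grammar slips this revision could fix while it is touching the section: "any binary trust store require a password" should read "requires", and "Both JKS and PKCS#12 uses weak encryption primitives" should read "use". The new line's `""` for the PKCS#12 password correctly replaces the stray `"""` in the removed text, and the security caveat that a password alone does not protect these stores is worth keeping adjacent to the hard-coded `changeit` value, as it is here.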
