articles/aks/developer-best-practices-pod-security.md
+9-9Lines changed: 9 additions & 9 deletions
@@ -70,7 +70,7 @@ To limit the risk of credentials being exposed in your application code, avoid t
70
70
The following [associated AKS open source projects][aks-associated-projects] let you automatically authenticate pods or request credentials and keys from a digital vault:
71
71
72
72
* Managed identities for Azure resources, and
73
-
* Azure Key Vault FlexVol driver
73
+
* [Azure Key Vault Provider for Secret Store CSI Driver](https://github.com/Azure/secrets-store-csi-driver-provider-azure#usage)
74
74
75
75
Associated AKS open source projects are not supported by Azure technical support. They are provided to gather feedback and bugs from our community. These projects are not recommended for production use.
76
76
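Review bot: the new bullet is inconsistent with the surrounding text in two ways: it uses an inline URL where the rest of this file uses reference-style links such as [aks-associated-projects], and it names the project "Secret Store CSI Driver" while the heading added in the next hunk says "Secrets Store CSI Driver" (the linked repository is secrets-store-csi-driver-provider-azure, so the plural form matches). Suggest adding a single reference definition for the GitHub URL and reusing it here and in the body section, and settling on one spelling. Note that the unchanged paragraph two lines below still states that associated projects are unsupported and not recommended for production, so the new link inherits that caveat; if the CSI provider's support status differs, that paragraph needs updating in the same change.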
@@ -84,28 +84,28 @@ With a managed identity, your application code doesn't need to include credentia
84
84
85
85
For more information about pod identities, see [Configure an AKS cluster to use pod managed identities and with your applications][aad-pod-identity]
86
86
87
-
### Use Azure Key Vault with FlexVol
87
+
### Use Azure Key Vault with Secrets Store CSI Driver
88
88
89
-
Managed pod identities work great to authenticate against supporting Azure services. For your own services or applications without managed identities for Azure resources, you still authenticate using credentials or keys. A digital vault can be used to store these credentials.
89
+
Using the pod identity project enables authentication against supporting Azure services. For your own services or applications without managed identities for Azure resources, you can still authenticate using credentials or keys. A digital vault can be used to store these credentials.
90
90
91
91
When applications need a credential, they communicate with the digital vault, retrieve the latest credentials, and then connect to the required service. Azure Key Vault can be this digital vault. The simplified workflow for retrieving a credential from Azure Key Vault using pod managed identities is shown in the following diagram:
92
92
93
-

93
+

94
94
95
-
With Key Vault, you store and regularly rotate secrets such as credentials, storage account keys, or certificates. You can integrate Azure Key Vault with an AKS cluster using a FlexVolume. The FlexVolume driver lets the AKS cluster natively retrieve credentials from Key Vault and securely provide them only to the requesting pod. Work with your cluster operator to deploy the Key Vault FlexVol driver onto the AKS nodes. You can use a pod managed identity to request access to Key Vault and retrieve the credentials you need through the FlexVolume driver.
95
+
With Key Vault, you store and regularly rotate secrets such as credentials, storage account keys, or certificates. You can integrate Azure Key Vault with an AKS cluster using the [Azure Key Vault provider for the Secret Store CSI Driver](https://github.com/Azure/secrets-store-csi-driver-provider-azure#usage). The Secret Store CSI driver enables the AKS cluster to natively retrieve credentials from Key Vault and securely provide them only to the requesting pod. Work with your cluster operator to deploy the Secret Store CSI Driver onto AKS worker nodes. You can use a pod managed identity to request access to Key Vault and retrieve the credentials needed through the Secret Store CSI Driver.
96
96
97
-
Azure Key Vault with FlexVol is intended for use with applications and services running on Linux pods and nodes.
97
+
Azure Key Vault with Secret Store CSI Driver is intended for use with applications and services running on Linux pods and nodes and requires a Kubernetes version of 1.16 or greater.
98
98
99
99
## Next steps
100
100
101
101
This article focused on how to secure your pods. To implement some of these areas, see the following articles:
102
102
103
103
* [Use managed identities for Azure resources with AKS][aad-pod-identity]
104
-
* [Integrate Azure Key Vault with AKS][aks-keyvault-flexvol]
104
+
* [Integrate Azure Key Vault with AKS][aks-keyvault-csi-driver]
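Review bot: naming drifts within this hunk: the heading says "Secrets Store CSI Driver", the body says "Secret Store CSI Driver" and "Secret Store CSI driver", and the link text says "provider for the Secret Store CSI Driver"; standardise on one form. The final bullet now points at [aks-keyvault-csi-driver], but no change to the reference-link definitions appears in this diff; unless the [aks-keyvault-flexvol] definition was renamed in a part of the file not shown, the bullet will render as literal bracketed text, so please confirm the definition was updated. The new prerequisite "requires a Kubernetes version of 1.16 or greater" would serve readers better as the opening sentence of the section, before the deployment instructions, rather than as the closing line.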