
Commit 1007abe

Merge pull request #230714 from Nickomang/aks-csi-ambiguity
Updated ambiguous headings
2 parents c404812 + 85d169b commit 1007abe

1 file changed

+8
-3
lines changed

articles/aks/csi-secrets-store-identity-access.md

Lines changed: 8 additions & 3 deletions
@@ -10,9 +10,14 @@ ms.custom: devx-track-azurecli
1010

1111
# Provide an identity to access the Azure Key Vault Provider for Secrets Store CSI Driver
1212

13-
The Secrets Store CSI Driver on Azure Kubernetes Service (AKS) provides a variety of methods of identity-based access to your Azure key vault. This article outlines these methods and how to use them to access your key vault and its contents from your AKS cluster. For more information, see [Use the Secrets Store CSI Driver][csi-secrets-store-driver].
13+
The Secrets Store CSI Driver on Azure Kubernetes Service (AKS) provides a variety of methods of identity-based access to your Azure key vault. This article outlines these methods and how to use them to access your key vault and its contents from your AKS cluster. For more information, see [Use the Secrets Store CSI Driver][csi-secrets-store-driver].
1414

15-
## Use Azure AD workload identity (preview)
15+
Currently, the following methods of access are available:
16+
17+
- Azure AD Workload identity (preview)
18+
- User-assigned managed identity
19+
20+
## Access with an Azure AD workload identity (preview)
1621

1722
An [Azure AD workload identity][workload-identity] is an identity used by an application running on a pod that can authenticate itself against other Azure services that support it, such as Storage or SQL. It integrates with the capabilities native to Kubernetes to federate with external identity providers. In this security model, the AKS cluster acts as token issuer where Azure Active Directory uses OpenID Connect to discover public signing keys and verify the authenticity of the service account token before exchanging it for an Azure AD token. Your workload can exchange a service account token projected to its volume for an Azure AD token using the Azure Identity client library using the Azure SDK or the Microsoft Authentication Library (MSAL).
1823

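Review bot: The added bullet on new line 17 capitalizes "Workload" ("Azure AD Workload identity (preview)"), while the heading on new line 20 and the paragraph under it write "Azure AD workload identity"; use the lowercase form in the list so the term is consistent. Because both bullets name sections of this same article, consider turning each into a link to its section heading so the list doubles as navigation. Old and new line 13 read identically here, so that change is presumably whitespace only; confirm it is intended.
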
@@ -154,7 +159,7 @@ Azure AD workload identity (preview) is supported on both Windows and Linux clus
154159
EOF
155160
```
156161
157-
## Use the CSI Secret Store addon user-assigned managed identity
162+
## Access with a user-assigned managed identity
158163
159164
1. To access your key vault, you can use the user-assigned managed identity that you created when you [enabled a managed identity on your AKS cluster][use-managed-identity]:
160165

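Review bot: Renaming the heading at new line 162 changes the anchor generated from it, so any link that targets the old "Use the CSI Secret Store addon user-assigned managed identity" section will stop resolving; search the docs set for inbound links to that anchor and update them in this change. The new title also drops the mention of the add-on, while step 1 below describes the identity as the one created when a managed identity was enabled on the cluster, so check that the heading and the step still describe the same identity.
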