edit pass

megvanhuygen · megvanhuygen · commit 31123dcada4b · 2019-12-30T23:40:52.000-08:00
diff --git a/articles/service-fabric/service-fabric-application-secret-store.md b/articles/service-fabric/service-fabric-application-secret-store.md
@@ -1,16 +1,16 @@
 ---
-title: Service Fabric Secrets Store 
-description: This article describes how to use Service Fabric Secrets Store.
+title: Azure Service Fabric Central Secrets Store 
+description: This article describes how to use Central Secrets Store in Azure Service Fabric.
 
 ms.topic: conceptual 
 ms.date: 07/25/2019
 ---
 
-#  Service Fabric Secrets Store
-This article describes how to create and use secrets in Service Fabric applications using Service Fabric Secrets Store(CSS). CSS is a local secret store cache, used to keep sensitive data such as a password, tokens, and keys encrypted in memory.
+# Central Secrets Store in Azure Service Fabric 
+This article describes how to use Central Secrets Store (CSS) in Azure Service Fabric to create secrets in Service Fabric applications. CSS is a local secret store cache that keeps sensitive data, such as a password, tokens, and keys, encrypted in memory.
 
-## Enabling Secrets Store
- Add the below to your cluster configuration under `fabricSettings` to enable CSS. It's recommended to use a certificate different from cluster certificate for CSS. Make sure the encryption certificate is installed on all nodes and `NetworkService` has read permission to certificate's private key.
+## Enable Central Secrets Store
+ Add the following script to your cluster configuration under `fabricSettings` to enable CSS. It's recommended that you use a certificate other than a cluster certificate for CSS. Make sure the encryption certificate is installed on all nodes and that `NetworkService` has read permission to the certificate's private key.
   ```json
     "fabricSettings": 
     [
@@ -42,10 +42,14 @@ This article describes how to create and use secrets in Service Fabric applicati
         ...
      ]
 ```
-## Declare secret resource
-You can create a secret resource either using the Resource Manager template or using the REST API.
+## Declare a secret resource
+You can create a secret resource by using either the Resource Manager template or the REST API.
+
+### Use the Resource Manager
+
+Use the following template to use Resource Manager to create the secret resource. The template creates a `supersecret` secret resource, but no value is set for the secret resource yet.
+
 
-* Using Resource Manager template
 ```json
    "resources": [
       {
@@ -62,20 +66,20 @@ You can create a secret resource either using the Resource Manager template or u
         }
       ]
 ```
-The above template creates `supersecret` secret resource, but no value is set for the secret resource yet.
 
-* Using the REST API
+### Use the REST API
 
-To create secret resource, `supersecret` make a PUT request to `https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview`. You need the cluster certificate or admin client certificate to create a secret.
+To create a `supersecret` secret resource by using the REST API, make a PUT request to `https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview`. You need the cluster certificate or admin client certificate to create a secret resource.
 
 ```powershell
 Invoke-WebRequest  -Uri https://<clusterfqdn>:19080/Resources/Secrets/supersecret?api-version=6.4-preview -Method PUT -CertificateThumbprint <CertThumbprint>
 ```
 
-## Set secret value
-* Using Resource Manager template
+## Set the secret value
+
+### Use the Resource Manager template
 
-The below Resource Manager template creates and set value for secret `supersecret` with version `ver1`.
+Use the following Resource Manager template to create and set the secret value. This template sets the secret value for the `supersecret` secret resource as version `ver1`.
 ```json
   {
   "parameters": {
@@ -113,22 +117,26 @@ The below Resource Manager template creates and set value for secret `supersecre
     }
   ],
   ```
-* Using the REST API
+### Use the REST API
 
+Use the following script to use the REST API to set the secret value.
 ```powershell
 $Params = @{"properties": {"value": "mysecretpassword"}}
 Invoke-WebRequest -Uri https://<clusterfqdn>:19080/Resources/Secrets/supersecret/values/ver1?api-version=6.4-preview -Method PUT -Body $Params -CertificateThumbprint <ClusterCertThumbprint>
 ```
-## Using the secret in your application
+## Use the secret in your application
 
-1.  Add a section in settings.xml file with the below content. Note here the Value is of the format {`secretname:version`}
+Follow these steps to use the secret in your Service Fabric application.
+
+1. Add a section in the **settings.xml** file with the following script. Note here that the value is in the format {`secretname:version`}.
 
 ```xml
   <Section Name="testsecrets">
    <Parameter Name="TopSecret" Type="SecretsStoreRef" Value="supersecret:ver1"/
   </Section>
 ```
-2. Now import the section in ApplicationManifest.xml
+
+2. Import the section in **ApplicationManifest.xml**.
 ```xml
   <ServiceManifestImport>
     <ServiceManifestRef ServiceManifestName="testservicePkg" ServiceManifestVersion="1.0.0" />
@@ -141,14 +149,12 @@ Invoke-WebRequest -Uri https://<clusterfqdn>:19080/Resources/Secrets/supersecret
   </ServiceManifestImport>
 ```
 
-Environment Variable 'SecretPath' will point to the directory where all secrets are stored. Each parameter listed under section `testsecrets` will be stored in a separate file. Application can now use the secret as shown below
+`EnvironmentVariableName=SecretPath` will point to the directory where all secrets are stored. Each parameter listed under the `testsecrets` section is stored in a separate file. The application can now use the secret as follows:
 ```C#
 secretValue = IO.ReadFile(Path.Join(Environment.GetEnvironmentVariable("SecretPath"),  "TopSecret"))
 ```
-3. Mounting secrets to a container
-
-Only change required to make the secrets available inside the container is to specify a MountPoint in `<ConfigPackage>`.
-Here is the modified ApplicationManifest.xml  
+3. Mount the secrets to a container. The only change required to make the secrets available inside the container is to specify a mount point in `<ConfigPackage>`.
+The following script is the modified **ApplicationManifest.xml**.  
 
 ```xml
 <ServiceManifestImport>
@@ -164,11 +170,9 @@ Here is the modified ApplicationManifest.xml
     </Policies>
   </ServiceManifestImport>
 ```
-Secrets will be available under the mount point inside your container.
-
-4. Binding secret to an environment variable 
+Secrets are available under the mount point inside your container.
 
-You can bind secret to a process environment variable by specifying Type='SecretsStoreRef'. Here is an example of how to bind `supersecret` version `ver1` to environment variable `MySuperSecret` in ServiceManifest.xml.
+4. You can bind a secret to a process environment variable by specifying `Type='SecretsStoreRef`. The following script is an example of how to bind the `supersecret` version `ver1` to the environment variable `MySuperSecret` in **ServiceManifest.xml**.
 
 ```xml
 <EnvironmentVariables>
