articles/iot-operations/secure-iot-ops/howto-manage-certificates.md
Lines changed: 7 additions & 7 deletions
@@ -152,24 +152,24 @@ The certificate management experience for external communications uses Azure Key
152
152
For example, the connector for OPC UA uses the certificate management experience to configure OPC UA client application authentication to an external OPC UA server. Azure IoT Operations manages two distinct certificate stores for the connector for OPC UA: one for the *Trust list* and one for the *Issuer list*. To learn more about how the connector for OPC UA uses certificates to establish mutual trust with an OPC UA server, see [OPC UA certificates infrastructure for the connector for OPC UA](../discover-manage-assets/overview-opcua-broker-certificates-management.md).
153
153
154
154
155
-
When you [deploy Azure IoT Operations with secure settings](../deploy-iot-ops/overview-deploy.md#secure-settings-deployment), you can start adding certificates to Azure Key Vault, and sync them to the edge to be used in the *Trust list* and *Issuer list* stores for OPC UA connections:
155
+
When you [deploy Azure IoT Operations with secure settings](../deploy-iot-ops/overview-deploy.md#secure-settings-deployment), you can start adding certificates to Azure Key Vault, and sync them to the Kubernetes cluster to be used in the *Trust list* and *Issuer list* stores for OPC UA connections:
156
156
157
157
:::image type="content" source="media/howto-manage-certificates/add-new-certificate.png" alt-text="Screenshot that shows the Upload certificate and Add from Azure Key Vault options when adding a new certificate to the asset endpoints page.":::
158
158
159
-
- **Upload Certificate**: Uploads a certificate which is then added as a secret to Azure Key Vault and automatically synchronized to the edge using Secret Store extension.
159
+
- **Upload Certificate**: Uploads a certificate which is then added as a secret to Azure Key Vault and automatically synchronized to the cluster using Secret Store extension.
160
160
161
161
> [!TIP]
162
-
> - View the certificate details once uploaded, to ensure you have the correct certificate before adding to Azure Key Vault and synchronizing to edge.
162
+
> - View the certificate details once uploaded, to ensure you have the correct certificate before adding to Azure Key Vault and synchronizing to the cluster.
163
163
> - Use an intuitive name so that you can recognize which secret represents your secret in the future.
164
164
165
165
> [!NOTE]
166
-
> Simply uploading the certificate won't add the secret to Azure Key Vault and synchronize to edge, you must select **Apply** for the changes to be applied.
166
+
> Simply uploading the certificate won't add the secret to Azure Key Vault and synchronize to the cluster, you must select **Apply** for the changes to be applied.
167
167
168
168
169
-
- **Add from Azure Key Vault**: Add an existing secret from the Azure Key vault to be synchronized to the edge.
169
+
- **Add from Azure Key Vault**: Add an existing secret from the Azure Key vault to be synchronized to the cluster.
170
170
171
171
> [!NOTE]
172
-
> Make sure to select the secret that holds the certificate you would like to synchronize to the edge. Selecting a secret which isn't the correct certificate causes the connection to fail.
172
+
> Make sure to select the secret that holds the certificate you would like to synchronize to the cluster. Selecting a secret which isn't the correct certificate causes the connection to fail.
173
173
174
174
175
175
Using the list view you can manage the synchronized certificates. You can view all the synchronized certificates, and which certificate store it's synchronized to:
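Review bot: The replacement term is applied inconsistently within this hunk: line 155 says "the Kubernetes cluster" while lines 159, 162, 166, 169 and 172 say "the cluster". Pick one form (spell out "Kubernetes cluster" on the first mention in the section and "the cluster" afterwards, or use one form throughout) so the rename reads as a single deliberate change. Since line 169 is already being touched, also fix "Azure Key vault" to "Azure Key Vault" to match the rest of the article, and on line 166 the NOTE's comma splice ("synchronize to the cluster, you must select **Apply**") reads better as two sentences or joined with a semicolon.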
@@ -178,4 +178,4 @@ Using the list view you can manage the synchronized certificates. You can view a
178
178
179
179
- To learn more about the *Trust list* and *Issuer list* stores, see [Configure OPC UA certificates infrastructure for the connector for OPC UA](../discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md).
180
180
181
-
You can delete synced certificates as well. When you delete a synced certificate, it only deletes the synced certificate from the edge, and doesn't delete the contained secret reference from Azure Key Vault. You must delete the certificate secret manually from the key vault.
181
+
You can delete synced certificates as well. When you delete a synced certificate, it only deletes the synced certificate from the Kubernetes cluster, and doesn't delete the contained secret reference from Azure Key Vault. You must delete the certificate secret manually from the key vault.
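Review bot: Line 181 uses "the Kubernetes cluster" where the preceding hunk settled on "the cluster" for the same concept; align the wording across the article. While this line is being edited, "deletes the contained secret reference from Azure Key Vault" is slightly misleading: what remains in Key Vault is the secret itself, and the sentence that follows correctly tells the reader to delete that secret manually, so "doesn't delete the secret from Azure Key Vault" would be clearer.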
articles/iot-operations/secure-iot-ops/howto-manage-secrets.md
Lines changed: 6 additions & 6 deletions
@@ -29,21 +29,21 @@ Secrets management for Azure IoT Operations uses Secret Store extension to sync
29
29
> [!NOTE]
30
30
> Azure IoT Operations instances work with only one Azure Key Vault, multiple key vaults per instance isn't supported.
31
31
32
-
Once the [set up secrets management](../deploy-iot-ops/howto-enable-secure-settings.md#set-up-secrets-management) steps are completed, you can start adding secrets to Azure Key Vault, and sync them to the edge to be used in **Asset Endpoints** or **Data flow Endpoints** using the [operations experience](https://iotoperations.azure.com) web UI.
32
+
Once the [set up secrets management](../deploy-iot-ops/howto-enable-secure-settings.md#set-up-secrets-management) steps are completed, you can start adding secrets to Azure Key Vault, and sync them to the Kubernetes cluster to be used in **Asset Endpoints** or **Data flow Endpoints** using the [operations experience](https://iotoperations.azure.com) web UI.
33
33
34
-
Secrets are used in asset endpoints and data flow endpoints for authentication. In this section, we use asset endpoints as an example, the same can be applied to data flow endpoints. You have the option to directly create the secret in Azure Key Vault and have it automatically synchronized down to the edge, or use an existing secret reference from the key vault:
34
+
Secrets are used in asset endpoints and data flow endpoints for authentication. In this section, we use asset endpoints as an example, the same can be applied to data flow endpoints. You have the option to directly create the secret in Azure Key Vault and have it automatically synchronized down to the cluster, or use an existing secret reference from the key vault:
35
35
36
36
1. Go to the **Asset endpoints** page in the [operations experience](https://iotoperations.azure.com) web UI.
37
37
38
38
1. To add a new secret reference, select **Add reference** when creating a new asset endpoint:
39
39
40
40
:::image type="content" source="media/howto-manage-secrets/use-secrets.png" alt-text="Screenshot that shows the Add from Azure Key Vault and Create new options when selecting a secret in operations experience.":::
41
41
42
-
-**Create a new secret**: creates a secret reference in the Azure Key Vault and also automatically synchronizes the secret down to the edge using Secret Store extension. Use this option if you didn't create the secret you require for this scenario in the key vault beforehand.
42
+
-**Create a new secret**: creates a secret reference in the Azure Key Vault and also automatically synchronizes the secret down to the cluster using Secret Store extension. Use this option if you didn't create the secret you require for this scenario in the key vault beforehand.
43
43
44
-
-**Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the edge if it wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand. *Only the latest version of the secret is synced to the edge*.
44
+
-**Add from Azure Key Vault**: synchronizes an existing secret in key vault down to the cluster if it wasn't synchronized before. Selecting this option shows you the list of secret references in the selected key vault. Use this option if you created the secret in the key vault beforehand. *Only the latest version of the secret is synced to the cluster*.
45
45
46
-
1. When you add the username and password references to the asset endpoints or data flow endpoints, you then need to give the synchronized secret a name. The secret references are saved in the edge with this given name as one secret sync resource. In the example from the screenshot below, the username and password references are saved to the edge as *edp1secrets*.
46
+
1. When you add the username and password references to the asset endpoints or data flow endpoints, you then need to give the synchronized secret a name. The secret references are saved in the cluster with this given name as one secret sync resource. In the example from the screenshot below, the username and password references are saved to the cluster as *edp1secrets*.
47
47
48
48
:::image type="content" source="media/howto-manage-secrets/synced-secret-name.png" alt-text="Screenshot that shows the synced secret name field when username password is selected for authentication mode in operations experience.":::
49
49
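Review bot: Lines 42 and 44 are being modified anyway, so fix the Markdown while you are here: `-**Create a new secret**:` and `-**Add from Azure Key Vault**:` have no space after the hyphen and will not render as list items; change them to `- **Create a new secret**:` and `- **Add from Azure Key Vault**:`. The same consistency point applies as in the certificates file: line 32 says "the Kubernetes cluster" while lines 34, 42, 44 and 46 say "the cluster". On line 44, "an existing secret in key vault" should read "in the key vault" to match the surrounding sentences.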
@@ -59,7 +59,7 @@ In this section, we use asset endpoints as an example, the same can be applied t
59
59
60
60
You can use the **Secrets** page to view synchronized secrets in your asset endpoints and data flow endpoints. Secrets page shows the list of all current synchronized secrets at the edge for the resource you're viewing. A synced secret represents one or multiple secret references, depending on the resource using it. Any operation applied to a synced secret will be applied to all secret references contained within the synced secret.
61
61
62
-
You can delete synced secrets as well in the **Secrets** page. When you delete a synced secret, it only deletes the synced secret from the edge, and doesn't delete the contained secret reference from Azure Key Vault. You must delete the certificate secret manually from the key vault.
62
+
You can delete synced secrets as well in the **Secrets** page. When you delete a synced secret, it only deletes the synced secret from the Kubernetes cluster, and doesn't delete the contained secret reference from Azure Key Vault. You must delete the certificate secret manually from the key vault.
63
63
64
64
> [!WARNING]
65
65
> Directly editing **SecretProviderClass** and **SecretSync** custom resources in your Kubernetes cluster can break the secrets flow in Azure IoT Operations. For any operations related to secrets, use the operations experience web UI.
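Review bot: Line 62 in this secrets article still ends with "You must delete the certificate secret manually from the key vault", which looks copied from the certificates article; this page is about synced secrets in general, so it should say "You must delete the secret manually from the key vault." Also, as in the other hunks, "the Kubernetes cluster" here versus "the cluster" on lines 34, 42 and 44 should be made consistent.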