Various details improved

MikeDodaro · MikeDodaro · commit 70cbed5241a2 · 2020-01-27T11:19:06.000-08:00
diff --git a/articles/spring-cloud/spring-cloud-github-actions-key-vault.md b/articles/spring-cloud/spring-cloud-github-actions-key-vault.md
@@ -9,14 +9,14 @@ ms.date: 01/20/2019
 ---
 
 # Authenticate Azure Spring Cloud with Key Vault in Github Actions
-Key vault is a secure place to store keys. Enterprise users need to store credentials for CI/CD environments in scope that they control. The key to get credentials in the key vault should be limited to resource scope.  It has access to only the key vault scope, not the entire Azure scope. It's like a key that can only open a strong box not a master key that can open all doors in a building. It's a way to get a key with another key, but useful in a CICD workflow. 
+Key vault is a secure place to store keys. Enterprise users need to store credentials for CI/CD environments in scope that they control. The key to get credentials in the key vault should be limited to resource scope.  It has access to only the key vault scope, not the entire Azure scope. It's like a key that can only open a strong box not a master key that can open all doors in a building. It's a way to get a key with another key, which is useful in a CICD workflow. 
 
 ## Generate Credential
 To generate a key to access the key vault, execute command below on your local machine:
 ```
 az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.KeyVault/vaults/<KEY_VAULT> --sdk-auth
 ```
-Note the scope specified by the `--scopes` parameter, which limits the key access to the resource.  It can only access the strong box.
+The scope specified by the `--scopes` parameter limits the key access to the resource.  It can only access the strong box.
 
 With results:
 ```
@@ -36,20 +36,20 @@ With results:
 Then save the results to GitHub **secrets** as described in [Set up your GitHub repository and authenticate with Azure](./spring-cloud-howto-github-actions.md#set-up-github-repository-and-authenticate).
 
 ## Add Access Policies for the Credential
-The credential you created above can only get general information about the Key Vault, not the contents it stores.  To get secrets stored in the Key Vault, you need set access policies for the credential.
+The credential you created above can get only general information about the Key Vault, not the contents it stores.  To get secrets stored in the Key Vault, you need set access policies for the credential.
 
-Go to the **Key Vault** dashboard in Azure portal, click the **Access control** menu, then open the **Role assignments** tab. Select **Apps** for **Type**, `This resource` for **scope**.  You should see the credential you created in previous step:
+Go to the **Key Vault** dashboard in Azure portal, click the **Access control** menu, then open the **Role assignments** tab. Select **Apps** for **Type** and `This resource` for **scope**.  You should see the credential you created in previous step:
 
  ![Set access policy](./media/github-actions/key-vault1.png)
 
-Copy the credential name, for example, `azure-cli-2020-01-19-04-39-02`. Open the **Access policies** menu, click +Add Access Policy link.  Select `Secret Management` for **Template**, then select **Principal**. Paste the credential name in **Principal**/**Select** input box:
+Copy the credential name, for example, `azure-cli-2020-01-19-04-39-02`. Open the **Access policies** menu, click **+Add Access Policy** link.  Select `Secret Management` for **Template**, then select **Principal**. Paste the credential name in **Principal**/**Select** input box:
 
  ![Select](./media/github-actions/key-vault2.png)
 
- Click the Add button in the **Add access policy** dialog, then click **Save**.
+ Click the **Add** button in the **Add access policy** dialog, then click **Save**.
 
 ## Generate full-scope Azure Credential
-This is the master key to open all doors in the building. The procedure is similar to the first step, but now we change the scope to generate the master key:
+This is the master key to open all doors in the building. The procedure is similar to the previous step, but here we change the scope to generate the master key:
 
 ```
 az ad sp create-for-rbac --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID> --sdk-auth
diff --git a/articles/spring-cloud/spring-cloud-howto-github-actions.md b/articles/spring-cloud/spring-cloud-howto-github-actions.md
@@ -35,11 +35,11 @@ The command should output a JSON object:
 }
 ```
 
-This example uses the [Piggy Metrics](https://github.com/Azure-Samples/piggymetrics) sample on GitHub.  Fork the sample, open GitHub repository page, and click Settings tab. Open Secrets menu, and click Add a new secret:
+This example uses the [Piggy Metrics](https://github.com/Azure-Samples/piggymetrics) sample on GitHub.  Fork the sample, open GitHub repository page, and click **Settings** tab. Open **Secrets** menu, and click **Add a new secret**:
 
  ![Add new secret](./media/github-actions/actions1.png)
 
-Set the secret name to `AZURE_CREDENTIALS` and its value to the JSON string that you found under the heading *Set up your GitHub repository and authenticate with Azure*.
+Set the secret name to `AZURE_CREDENTIALS` and its value to the JSON string that you found under the heading *Set up your GitHub repository and authenticate*.
 
  ![Set secret data](./media/github-actions/actions2.png)
 
@@ -54,7 +54,7 @@ az spring-cloud create -n <service instance name> -g <resource group name>
 az spring-cloud config-server git set -n <service instance name> --uri https://github.com/xxx/piggymetrics --label config
 ```
 ## Build the workflow
-The workflow can be defined using the following options.
+The workflow is defined using the following options.
 
 ### Prepare for deployment with Azure CLI
 The command `az spring-cloud app create` is currently not idempotent.  We recommend this workflow on existing Azure Spring Cloud apps and instances.
@@ -114,7 +114,7 @@ jobs:
 The az `run` command will use the latest version of Azure CLI. If there are breaking changes, you can also use a specific version of Azure CLI with azure/CLI `action`. 
 
 > [!Note] 
-> This command will run all the az command in a new container, so `env` will not work, and cross action file access may have extra restrictions.
+> This command will run in a new container, so `env` will not work, and cross action file access may have extra restrictions.
 
 Create the .github/workflow/main.yml file in the repository:
 ```
@@ -189,13 +189,13 @@ jobs:
 ```
 
 ## Run the workflow
-GitHub Actions should be enabled automatically after you push `.github/workflow/main.yml` to GitHub. The action will be triggered when you push a new commit. If you create this file in the browser, your action should have already run.
+GitHub **Actions** should be enabled automatically after you push `.github/workflow/main.yml` to GitHub. The action will be triggered when you push a new commit. If you create this file in the browser, your action should have already run.
 
 To verify that the action has been enabled, click **Actions** tab on the GitHub repository page:
 
  ![Verify action enabled](./media/github-actions/actions3.png)
 
-If your action runs in error, for example, if you haven't set Azure credential, you can rerun checks after fixing the error. On the GitHub repository page, click **Actions**, select the specific workflow task, and then click Rerun checks button to rerun checks:
+If your action runs in error, for example, if you haven't set the Azure credential, you can rerun checks after fixing the error. On the GitHub repository page, click **Actions**, select the specific workflow task, and then click the **Rerun checks** button to rerun checks:
 
  ![Rerun checks](./media/github-actions/actions4.png)
 
