remove more typos

davidmrdavid · web-flow · commit 9581eada836a · 2024-04-15T14:32:17.000-07:00
diff --git a/articles/azure-functions/durable/durable-functions-best-practice-reference.md b/articles/azure-functions/durable/durable-functions-best-practice-reference.md
@@ -77,7 +77,7 @@ As with anything performance related, the ideal concurrency settings and archite
 
 ### Avoid sensitive data in inputs, outputs, and exceptions
 
-Inputs and outputs (including exceptions) to and from Durable Functions APIs are [durably persisted](./durable-functions-serialization-and-persistence.md) in your [storage provider of choice](./durable-functions-storage-providers.md). If those inpusts, outputs, or exceptions contain sensitive data (such as secrets, connection strings, personally identifiable information, etc.) then anyone with read access your storage provider's resources would be able to obtain them. To safely deal with sensitive data, we recommend users that data _from within activity functions_ from either Azure Key Vault or environment variables, and to never communicate that data to orchestrators or entities. That should help prevent this data from leaking into your storage resources.
+Inputs and outputs (including exceptions) to and from Durable Functions APIs are [durably persisted](./durable-functions-serialization-and-persistence.md) in your [storage provider of choice](./durable-functions-storage-providers.md). If those inpusts, outputs, or exceptions contain sensitive data (such as secrets, connection strings, personally identifiable information, etc.) then anyone with read access your storage provider's resources would be able to obtain them. To safely deal with sensitive data, we recommend users fetch that data _within activity functions_ from either Azure Key Vault or environment variables, and to never communicate that data directly to orchestrators or entities. That should help prevent sensitive data from leaking into your storage resources.
 
 > [!NOTE]
 > This guidance also applies to the `CallHttp` orchestrator API, which persists its request and response payloads in storage. If your target HTTP endpoints require authentication, which may be sensitive, we recommend users to implement the HTTP Call themselves inside of an activity, or to use the built-in managed identity support offered by `CallHTTP`, which does not persist any credentials to storage.
