[Secrets Store] Review for consistency and clarity in examples and limits (#21795)

* Fix access-control info about Account Super Admins

* Revise examples so bindings vs secret names are not mixed up

* Touch up example secret name in commands.mdx

* Make prereqs and local dev callouts clearer

* Fix typo and add monospaced h3s for consistency

* Fix order to match list at the top of the page

* Improve context and cross-linking

* Clarify maximum of 20 secrets only apply to production

* Use placeholder for binding variable and apply throughout

Author: RebeccaTamachiro

src/content/docs/secrets-store/access-control.mdx

@@ -17,7 +17,7 @@ While all Cloudflare accounts will have access to the Secrets Store section on t
 
 Refer to the list below for default role definitions.
 
-- **Super Administrator**: Can create, edit, duplicate, delete, and view secrets metadata.
+- **Super Administrator**: Can create, edit, duplicate, delete, and view secrets metadata. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
 - **Secrets Store Admin**: Can create, edit, duplicate, delete, and view secrets metadata.
 - **Secrets Store Deployer**: Can view secrets metadata but cannot create, edit, duplicate, nor delete secrets. Can also [add a Secrets Store binding to a Worker](/secrets-store/integrations/workers/).
 - **Secrets Store Reporter**: Can view secrets metadata. Cannot perform any actions (create, edit, duplicate, delete secrets), nor add a Secrets Store binding to a Worker.

src/content/docs/secrets-store/integrations/workers.mdx

@@ -19,17 +19,17 @@ This is different from Workers [Variables and Secrets](/workers/configuration/se
 
 - If [using the Dashboard](#via-dashboard), make sure you already have a Workers application. Refer to the [Workers get started](/workers/get-started/dashboard/) for guidance.
 
-- You should also have a store created under the Secrets Store tab on the Dashboard.
-    - The first store in your account is created automatically when a user with [Super Administrator or Secrets Store Admin role](/secrets-store/access-control/) interacts with it.
-    - You can also use the [Wrangler command](/workers/wrangler/commands/#secrets-store-store) `secrets-store store create <name> --remote` to create your first store.
+- You should also have a store created under the **Secrets Store** tab on the Dashboard. The first store in your account is created automatically when a user with [Super Administrator or Secrets Store Admin role](/secrets-store/access-control/) interacts with it.
+
+		- If no store exists in your account yet and you have the necessary permissions, you can use the [Wrangler command](/workers/wrangler/commands/#secrets-store-store) `secrets-store store create <name> --remote` to create your first store.
 
 :::caution[Local development mode]
-This guide assumes you are working in production. To use Secrets Store locally, you must use `secrets-store` [Wrangler commands](/workers/wrangler/commands/) without the `--remote` flag.
+This guide assumes you are working in production. To use Secrets Store locally, you must use `secrets-store secret` [Wrangler commands](/workers/wrangler/commands/) without the `--remote` flag.
 :::
 
 ## 1. Set up account secrets in Secrets Store
 
-If there are no secrets in the store yet, follow the steps below. You must have a [Super Administrator or a Secrets Store Admin role](/secrets-store/access-control/) within your Cloudflare account.
+Follow the steps below to create secrets. You must have a [Super Administrator or a Secrets Store Admin role](/secrets-store/access-control/) within your Cloudflare account.
 
 :::note
 You may also add account secrets directly from the Workers settings on the dashboard. You can skip to [step 2](#via-dashboard) to do that.
@@ -112,7 +112,7 @@ To bind an account secret to your Worker, you must have one of the following [ro
 ```toml
 main = "./src/index.js"
 secrets_store_secrets = [
-  { binding = "MY_SECRETS_STORE_SECRET", store_id= "<STORE_ID>", secret_name = "<MY_SECRET_NAME>" }
+  { binding = "<BINDING_VARIABLE>", store_id= "<STORE_ID>", secret_name = "<MY_SECRET_NAME>" }
 ]
 ```
 
@@ -140,14 +140,14 @@ secrets_store_secrets = [
 ### Call `get()` on the binding variable
 
 :::caution[Local development mode]
-You cannot access production secrets (created on the dashboard, via API, or with the `--remote` flag) from your local development setup. To use Secrets Store locally, you must use [secrets-store Wrangler commands](/workers/wrangler/commands/) without the `--remote` flag.
+You cannot access production secrets (created on the dashboard, via API, or with the `--remote` flag) from your local development setup. To use Secrets Store locally, you must use `secrets-store secret` [Wrangler commands](/workers/wrangler/commands/) without the `--remote` flag.
 :::
 
 ```js
 export default {
   async fetch(request, env) {
     // Example of using the secret safely in an API request
-		const APIkey = await env.MY_SECRETS_STORE_SECRET.get()
+		const APIkey = await env.<BINDING_VARIABLE>.get()
 
     const response = await fetch("https://api.example.com/data", {
       headers: { "Authorization": `Bearer ${APIKey}` },

src/content/docs/secrets-store/manage-secrets/how-to.mdx

@@ -13,7 +13,7 @@ You must have a [Super Administrator or Secrets Store Admin role](/secrets-store
 
 ## Manage via Wrangler
 
-For Wrangler commands, refer to [Cloudflare Workers](/workers/wrangler/commands/#secrets-store-secret) documentation.
+[Wrangler](/workers/wrangler/) is a command-line interface (CLI) that allows you to manage [Cloudflare Workers](/workers/) projects. Refer to [Wrangler commands](/workers/wrangler/commands/#secrets-store-secret) for guidance on how to use it with Secrets Store.
 
 ## Create a secret
 

src/content/docs/secrets-store/manage-secrets/index.mdx

@@ -14,7 +14,11 @@ Once a secret is added to the Secrets Store, it can no longer be decrypted or ac
 
 ## Limits
 
-Customers who create a secrets store in the open beta can have up to 20 secrets per account.
+Customers who create a secrets store in the open beta can have up to 20 secrets per account. Also, there can only be one store per account.
+
+:::note[Production secrets]
+If you use [Wrangler](/secrets-store/manage-secrets/how-to/#manage-via-wrangler), there is a difference between production secrets and secrets that are only created locally (without the `--remote` flag). The limit of 20 secrets per account only considers production secrets.
+:::
 
 ## Resources
 

src/content/docs/workers/wrangler/commands.mdx

@@ -517,81 +517,6 @@ Finished processing secrets JSON file:
 🚨 1 secrets failed to upload
 ```
 
-## `secrets-store store`
-
-You can use the following commands to manage your store.
-
-:::note[Store limitation]
-Each account only supports one store in beta.
-:::
-
-### create
-
-Create a store within Secrets Store.
-
-```txt
-wrangler secerets-store store create <name>
-```
-
-- `name` <Type text="string" /> <MetaInfo text="required" />
-  - A descriptive name for the account-level secret. Cannot contain spaces.
-
-The following is an example of using the `create` command to create a store.
-
-```txt
-wrangler secrets-store store create default --remote
-```
-
-```sh output
-🔐 Creating store... (Name: default)
-✅ Created store! (Name: default, ID: 2e2a82d317134506b58defbe16982d54)
-```
-
-### delete
-
-Delete a store within Secrets Store.
-
-```txt
-wrangler secerets-store store delete <STORE_ID>
-```
-
-- `STORE_ID` <Type text="string" /> <MetaInfo text="required" />
-  - The secret store public ID. You can find it and copy from the [Secrets Store tab](https://dash.cloudflare.com/?to=/:account/secrets-store/) on the dashboard.
-
-The following is an example of using the `delete` command to delete a store.
-
-```sh
-npx wrangler secrets-store store delete d2dafaeac9434de2b6d08b292ce08211
-```
-
-```sh output
-🔐 Deleting store... (Name: d2dafaeac9434de2b6d08b292ce08211)
-✅ Deleted store! (ID: d2dafaeac9434de2b6d08b292ce08211)
-```
-
-### list
-
-List the stores within an account.
-
-```txt
-wrangler secrets-store store list
-```
-
-The following is an example of using the `list` command to list stores.
-
-```sh
-npx wrangler secrets-store store list
-```
-
-```sh output
-🔐 Listing stores...
-┌─────────┬──────────────────────────────────┬──────────────────────────────────┬──────────────────────┬──────────────────────┐
-│ Name    │ ID                               │ AccountID                        │ Created              │ Modified             │
-├─────────┼──────────────────────────────────┼──────────────────────────────────┼──────────────────────┼──────────────────────┤
-│ default │ 8876bad33f164462bf0743fe8adf98f4 │ REDACTED │ 4/9/2025, 1:11:48 PM  │ 4/9/2025, 1:11:48 PM │
-└─────────┴──────────────────────────────────┴──────────────────────────────────┴──────────────────────┴──────────────────────┘
-```
-
 ## `secrets-store secret`
 
 With the release of [Secrets Store](/secrets-store/) in open beta, you can use the following commands to manage your account secrets.
@@ -627,13 +552,13 @@ wrangler secrets-store secret create <STORE_ID> [OPTIONS]
 The following is an example of using the `create` command to create an account-level secret.
 
 ```sh
-npx wrangler secrets-store secret create 8f7a1cdced6342c18d223ece462fd88d --name MY_SECRETS_STORE_SECRET --scopes workers --remote
+npx wrangler secrets-store secret create 8f7a1cdced6342c18d223ece462fd88d --name ServiceA_key-1 --scopes workers --remote
 ```
 
 ```sh output
 ✓ Enter a secret value: › ***
 
-🔐 Creating secret... (Name: MY_SECRETS_STORE_SECRET, Value: REDACTED, Scopes: workers, Comment: undefined)
+🔐 Creating secret... (Name: ServiceA_key-1, Value: REDACTED, Scopes: workers, Comment: undefined)
 ✓ Select an account: › My account
 ✅ Created secret! (ID: 13bc7498c6374a4e9d13be091c3c65f1)
 ```
@@ -709,7 +634,7 @@ npx wrangler secrets-store secret get 8f7a1cdced6342c18d223ece462fd88d --secret-
 ✓ Select an account: › My account
 | Name                        | ID                                  | StoreID                             | Comment | Scopes  | Status  | Created                | Modified               |
 |-----------------------------|-------------------------------------|-------------------------------------|---------|---------|---------|------------------------|------------------------|
-| MY_SECRETS_STORE_SECRET     | 13bc7498c6374a4e9d13be091c3c65f1    | 8f7a1cdced6342c18d223ece462fd88d    |         | workers | active  | 4/9/2025, 10:06:01 PM  | 4/15/2025, 09:13:05 AM |
+| ServiceA_key-1          | 13bc7498c6374a4e9d13be091c3c65f1    | 8f7a1cdced6342c18d223ece462fd88d    |         | workers | active  | 4/9/2025, 10:06:01 PM  | 4/15/2025, 09:13:05 AM |
 ```
 
 ### `delete`
@@ -742,6 +667,81 @@ wrangler secrets-store secret list <STORE_ID>
 - `STORE_ID` <Type text="string" /> <MetaInfo text="required" />
   - The secret store public ID. You can find it and copy from the [Secrets Store tab](https://dash.cloudflare.com/?to=/:account/secrets-store/) on the dashboard.
 
+## `secrets-store store`
+
+Use the following commands to manage your store.
+
+:::note[Store limitation]
+[Secrets Store](/secrets-store/) is in open beta. Currently, you can only have one store per Cloudflare account.
+:::
+
+### `create`
+
+Create a store within Secrets Store.
+
+```txt
+wrangler secrets-store store create <name>
+```
+
+- `name` <Type text="string" /> <MetaInfo text="required" />
+  - A descriptive name for the account-level secret. Cannot contain spaces.
+
+The following is an example of using the `create` command to create a store.
+
+```txt
+wrangler secrets-store store create default --remote
+```
+
+```sh output
+🔐 Creating store... (Name: default)
+✅ Created store! (Name: default, ID: 2e2a82d317134506b58defbe16982d54)
+```
+
+### `delete`
+
+Delete a store within Secrets Store.
+
+```txt
+wrangler secrets-store store delete <STORE_ID>
+```
+
+- `STORE_ID` <Type text="string" /> <MetaInfo text="required" />
+  - The secret store public ID. You can find it and copy from the [Secrets Store tab](https://dash.cloudflare.com/?to=/:account/secrets-store/) on the dashboard.
+
+The following is an example of using the `delete` command to delete a store.
+
+```sh
+npx wrangler secrets-store store delete d2dafaeac9434de2b6d08b292ce08211
+```
+
+```sh output
+🔐 Deleting store... (Name: d2dafaeac9434de2b6d08b292ce08211)
+✅ Deleted store! (ID: d2dafaeac9434de2b6d08b292ce08211)
+```
+
+### `list`
+
+List the stores within an account.
+
+```txt
+wrangler secrets-store store list
+```
+
+The following is an example of using the `list` command to list stores.
+
+```sh
+npx wrangler secrets-store store list
+```
+
+```sh output
+🔐 Listing stores...
+┌─────────┬──────────────────────────────────┬──────────────────────────────────┬──────────────────────┬──────────────────────┐
+│ Name    │ ID                               │ AccountID                        │ Created              │ Modified             │
+├─────────┼──────────────────────────────────┼──────────────────────────────────┼──────────────────────┼──────────────────────┤
+│ default │ 8876bad33f164462bf0743fe8adf98f4 │ REDACTED │ 4/9/2025, 1:11:48 PM  │ 4/9/2025, 1:11:48 PM │
+└─────────┴──────────────────────────────────┴──────────────────────────────────┴──────────────────────┴──────────────────────┘
+```
+
 ## `workflows`
 
 :::note