Create new section for auto-generated passwords

naemono · naemono · commit 8c65d1584ae9 · 2025-10-07T10:12:18.000-05:00
Signed-off-by: Michael Montgomery &lt;mmontg1@gmail.com&gt;
diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -50,7 +50,11 @@ spec:
     count: 1
 ```
 
-## Rotate auto-generated credentials [k8s-rotate-credentials]
+## ECK auto-generated credentials
+
+{{eck}} auto-generates credentials for the `elastic` user and other users. These credentials are stored in Kubernetes Secrets and are labeled with `eck.k8s.elastic.co/credentials=true`.
+
+### Rotating auto-generated credentials [k8s-rotate-credentials]
 
 You can force the auto-generated credentials to be regenerated with new values by deleting the appropriate Secret. For example, to change the password for the `elastic` user from the [quickstart example](/deploy-manage/deploy/cloud-on-k8s/elasticsearch-deployment-quickstart.md), use the following command:
 
@@ -72,6 +76,19 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
 ::::
 
+### Controlling the length of auto-generated passwords
+```{applies_to}
+  eck: ga 2.2
+```
+
+:::{note}
+The ability to control the length of passwords for [file-based credentials](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md) generated by {{eck}} requires an Enterprise license.
+:::
+
+You can control the length of generated file-based passwords in {{eck}} installations by setting either `config.policies.passwords.length` in your Helm chart values or `password-length` in the `elastic-operator` `ConfigMap` when installing with YAML manifests. Refer to the [operator configuration documentation](../../deploy/cloud-on-k7s/configure-eck.md) for details on managing these settings.
+
+Changing these values does not update existing passwords. To rotate current credentials, refer to the [rotating credentials documentation](#k7s-rotate-credentials)
+
 ## Creating custom users
 
 {{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.
@@ -99,18 +116,3 @@ For more information, refer to [External authentication](/deploy-manage/users-ro
 ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.
 
 Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
-
-## Controlling the length of ECK-generated passwords
-```{applies_to}
-  eck: ga 3.2
-```
-
-:::{note}
-The ability to control the length of passwords for [file-based credentials](/deploy-manage/users-roles/cluster-or-deployment-auth/file-based.md) generated by {{eck}} requires an Enterprise license.
-:::
-
-You can control the length of generated file-based passwords in {{eck}} installations by setting either `config.policies.passwords.length` in your Helm chart values or `password-length` in the `elastic-operator` `ConfigMap` when installing with YAML manifests. Refer to the [operator configuration documentation](../../deploy/cloud-on-k8s/configure-eck.md) for details on managing these settings.
-
-:::{note}
-Changing these values does not update existing passwords. To rotate current credentials, refer to the [rotating credentials documentation](#k8s-rotate-credentials)
-:::
