minor edits

danciaclara · danciaclara · commit 88860a4c67e5 · 2025-03-11T15:19:31.000+05:30
diff --git a/self-hosting/govern/external-secrets.mdx b/self-hosting/govern/external-secrets.mdx
@@ -7,9 +7,9 @@ This guide explains how to integrate Plane with external secret management solut
 
 ## AWS Secrets Manager
 
-1. Create a dedicated IAM user (e.g., `external-secret-access-user`).
-2. Generate security credentials (no Console Access required).
-3. Note the user's ARN for later use.
+1. Create a dedicated IAM user (e.g., `external-secret-access-user`). You can uncheck **Console Access Required**.
+2. Generate `ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` and keep them handy.
+3. Note the user's ARN for later use (format: `arn:aws:iam::&lt;account-id&gt;:user/&lt;user-name&gt;`).
 
 4. Create IAM policy (e.g., `external-secret-access-policy`) with the following JSON:
 
@@ -52,9 +52,10 @@ This guide explains how to integrate Plane with external secret management solut
     ```
 
     Replace `<IAM-USER-ARN>` with the ARN of the user created in step 1.   
-    Attach the AWS IAM policy created in step 4 to this role.
 
-6. Create secrets in AWS Secrets Manager with your Plane configuration values. For example, store RabbitMQ credentials with a name   like `prod/secrets/rabbitmq`.
+6. Attach the AWS IAM policy created in step 4 to the IAM role.
+
+7. Create secrets in AWS Secrets Manager with your Plane configuration values. For example, store RabbitMQ credentials with a name   like `prod/secrets/rabbitmq`.
 
     |Key|Value|
     |-------|--------|
@@ -63,15 +64,15 @@ This guide explains how to integrate Plane with external secret management solut
 
     Follow this pattern to manage all the [environment variables](/self-hosting/methods/kubernetes#external-secrets-config) in AWS Secrets Manager.
 
-7. Create a Kubernetes secret containing AWS credentials in your application namespace:
+8. Create a Kubernetes secret containing AWS credentials in your application namespace:
     ```sh
     kubectl create secret generic aws-creds-secret \
     --from-literal=access-key=<AWS_ACCESS_KEY_ID> \
     --from-literal=secret-access-key=<AWS_SECRET_ACCESS_KEY> \
     -n <application_namespace>
     ```
 
-7. Apply the following YAML to create a ClusterSecretStore resource:
+9. Apply the following YAML to create a ClusterSecretStore resource:
     ```yaml
     apiVersion: external-secrets.io/v1beta1
     kind: ClusterSecretStore
@@ -94,7 +95,7 @@ This guide explains how to integrate Plane with external secret management solut
     ```
     Replace `<ACCOUNT-ID>` and `<IAM ROLE>` with your AWS account ID and the role name created in Step 5.
 
-8. Create an ExternalSecret resource to fetch secrets from AWS and create a corresponding Kubernetes secret:
+10. Create an ExternalSecret resource to fetch secrets from AWS and create a corresponding Kubernetes secret:
     ```yaml
     apiVersion: external-secrets.io/v1beta1
     kind: ExternalSecret
