Update secrets doc

Author: akclace

content/docs/Applications/Overview.md

@@ -120,7 +120,7 @@ A star, like `PROD*` in the `app list` output indicates that there are staged ch
 
 By default, apps are created with the no authentication type. `system` auth uses `admin` as the username. The password is displayed on the screen during the initial setup of the OpenRun server config.
 
-To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update auth system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
+To change app auth type, add `--auth system` to the `app create` command. After an app is created, the auth type can be changed by running `app update auth --promote system /myapp`. OAuth based authentication is also supported, see [authentication]({{< ref "docs/configuration/authentication" >}}) for details.
 
 {{<callout type="warning" >}}
 Changes done to the app settings using the `app settings` command are **NOT** staged or versioned, they apply immediately to the stage/prod/preview apps.

content/docs/Configuration/Secrets.md

@@ -8,9 +8,9 @@ OpenRun supports secret management when working with apps. Secrets can be passed
 
 ## Supported Providers
 
-OpenRun currently supports AWS Secrets Manager (ASM), AWS SSM and HashiCorp Vault as providers for secrets management. Secrets can also be read from the environment of the OpenRun server, which can be used in development and testing. Secrets can also be read from a local properties file.
+OpenRun currently supports AWS Secrets Manager (ASM), AWS Systems Manager (SSM) and HashiCorp Vault as providers for secrets management. Secrets can also be read from the environment of the OpenRun server, which can be used in development and testing. Secrets can also be read from a local properties file.
 
-## AWS Secrets Manager
+### AWS Secrets Manager
 
 To enable ASM, add one or more entries in the `openrun.toml` config. The config name should be `asm` or should start with `asm_`. For example
 
@@ -26,7 +26,7 @@ creates two ASM configs. `asm` uses the default profile and `asm_prod` uses the
 
 To access a secret in app parameters from `asm_prod` config, use `--param MYPARAM='{{secret_from "asm_prod" "MY_SECRET_KEY"}}'` as the param value. Use `--param MYPARAM='{{secret "MY_SECRET_KEY"}}'` to read from the default provider.
 
-## AWS Systems Manager (SSM)
+### AWS Systems Manager (SSM)
 
 To enable SSM, add one or more entries in the `openrun.toml` config. The config name should be `ssm` or should start with `ssm_`. For example
 
@@ -42,7 +42,7 @@ creates two SSM configs. `ssm` uses the default profile and `ssm_prod` uses the
 
 To access a secret in app parameters from `ssm_prod` config, use `--param MYPARAM='{{secret_from "ssm_prod" "MY_SECRET_KEY"}}'` as the param value. Use `--param MYPARAM='{{secret "MY_SECRET_KEY"}}'` to read from the default provider.
 
-## HashiCorp Vault
+### HashiCorp Vault
 
 To enable Vault secret provider, add one or more entries in the `openrun.toml` config. The config name should be `vault` or should start with `vault_`. For example
 
@@ -58,7 +58,7 @@ token = "def"
 
 creates two Vault configs. The `address` and `token` properties are required.
 
-## Environment Secrets
+### Environment Secrets
 
 Adding a secret provider with the name `env` or starting with `env_`, like
 
@@ -68,7 +68,7 @@ Adding a secret provider with the name `env` or starting with `env_`, like
 
 enables looking up the OpenRun server environment for secrets. This can be accessed like `--param MYPARAM='{{secret_from "env" "MY_SECRET_KEY"}}'`. No properties are required in the env provider config. The value of MY_SECRET_KEY in the OpenRun server env wil be passed as the param.
 
-## Properties Secrets
+### Properties Secrets
 
 Secrets can be read from a properties file. The config name should be `prop` or should start with `prop_`. To use this, add