Merge pull request #96778 from jneczypor/OSDOCS-15379

OSDOCS-15379: Incorrect statement in etcd description

Author: EricPonvelle

modules/rosa-sdpolicy-security.adoc

@@ -96,17 +96,10 @@ With {product-title}, AWS provides a standard DDoS protection on all load balanc
 [id="rosa-sdpolicy-etcd-encryption_{context}"]
 == etcd encryption
 
-In
-ifdef::openshift-rosa-hcp[]
-{hcp-title-first},
-endif::openshift-rosa-hcp[]
-ifndef::openshift-rosa-hcp[]
-{product-title},
-endif::openshift-rosa-hcp[]
-the control plane storage is encrypted at rest by default and this includes encryption of the etcd volumes. This storage-level encryption is provided through the storage layer of the cloud provider.
+In {product-title}, the control plane storage is encrypted at rest by default, including encryption of the etcd volumes. This storage-level encryption is provided through the storage layer of the cloud provider.
 
 ifdef::openshift-rosa-hcp[]
-The etcd database is always encrypted by default. Customers might opt to provide their own custom AWS KMS keys for the purpose of encrypting the etcd database.
+Customers can also opt to encrypt the etcd database at build time or provide their own custom AWS KMS keys for the purpose of encrypting the etcd database.
 
 Etcd encryption will encrypt the following Kubernetes API server and OpenShift API server resources:
 endif::openshift-rosa-hcp[]