docs: split commands in ordered list with dedicated comments

luxifer · luxifer · commit 11606c3ccab2 · 2025-10-27T10:50:16.000+01:00
diff --git a/tutorials/object-storage-sse-c-with-secret-manager/index.mdx b/tutorials/object-storage-sse-c-with-secret-manager/index.mdx
@@ -31,22 +31,51 @@ The goal here is to use Key Manager to generate the encryption key, store the en
 
 Run the following commands to create a key in Key Manager, generate the encryption key, then store it in Secret Manager.
 
-```bash
-KEY_ID=$(scw keymanager key create -o template="{{.ID}}")
-scw keymanager key generate-data-key "$KEY_ID" -o json | jq -r .plaintext | base64 -d > ssec.key
-SECRET_ID=$(scw secret secret create name=ssec-key path=/keys -o template="{{.ID}}")
-scw secret version create "$SECRET_ID" data="@ssec.key"
-```
+1. Create a key on the Key Manager
+
+  ```bash
+  KEY_ID=$(scw keymanager key create -o template="{{.ID}}")
+  ```
+
+2. Generate the data encryption key
+
+  ```bash
+  scw keymanager key generate-data-key "$KEY_ID" -o json | jq -r .plaintext | base64 -d > ssec.key
+  ```
+
+3. Create a secret in the Secret manager to store the data encryption key
+
+  ```bash
+  SECRET_ID=$(scw secret secret create name=ssec-key path=/keys -o template="{{.ID}}")
+  ```
+
+4. Store the data encryption key
+
+  ```bash
+  scw secret version create "$SECRET_ID" data="@ssec.key"
+  ```
 
 ## Preparing the encryption key and its digest
 
 Run the following command to access the secret version to get the encryption key, encode it to base64, calculate the MD5 digest of the key (also encoded in base64), and store the outputs in environment variables. 
 
-```bash
-scw secret version access "$SECRET_ID" revision=latest raw=true > ssec.key
-ENCRYPTION_KEY=$(cat ssec.key | base64)
-KEY_DIGEST=$(openssl dgst -md5 -binary ssec.key | base64)
-```
+1. Accessing the raw key
+
+  ```bash
+  scw secret version access "$SECRET_ID" revision=latest raw=true > ssec.key
+  ```
+
+2. Serialize it to base64
+
+  ```bash
+  ENCRYPTION_KEY=$(cat ssec.key | base64)
+  ```
+
+3. Compute the MD5 digest
+
+  ```bash
+  KEY_DIGEST=$(openssl dgst -md5 -binary ssec.key | base64)
+  ```
 
 <Message type="important">
 If you delete the secret containing the encryption key, you also lose the data encrypted with it, as you will not be able to perform `GET` operations on encrypted objects without the corresponding key.
