Constants -> variables

tashian · tashian · commit 2deb68185d82 · 2025-03-26T09:14:23.000-07:00
diff --git a/step-ca/templates.mdx b/step-ca/templates.mdx
@@ -2,7 +2,7 @@
 title: Configuring `step-ca` Templates
 html_title: Configuring open source step-ca Templates
 description: Learn how to configure step-ca Templates
-updated_at: March 25, 2025
+updated_at: March 26, 2025
 ---
 
 People use private CAs for all sorts of things, in many different contexts:
@@ -42,9 +42,9 @@ A few custom [functions for ASN.1 encoding](#asn1-values) and [time formatting](
 <Alert severity="warning">
   <div>
     <strong>Warning: Always wrap values in <code>toJson</code></strong><br />
-    In the templates on this page, constants are pulled into templates using <code>{`{{`} toJson .constantName {`}}`}</code> 
-    to sanitize the value of the constant.
-    When using templates, you must sanitize all constants using <code>toJson</code> to avoid template injection vulnerabilities.
+    In the templates on this page, variables are pulled into templates using <code>{`{{`} toJson .variableName {`}}`}</code> 
+    to sanitize the value of the variable.
+    When using templates, you must sanitize all variables using <code>toJson</code> to avoid template injection vulnerabilities.
   </div>
 </Alert>
 
@@ -126,8 +126,8 @@ The following snippet shows a provisioner with custom X.509 and SSH templates:
           location of which would be `$(step path)/templates/certs/x509/leaf.tpl`.
         - **_relative to the execution directory of `step-ca`_**: e.g. `./path/to/file.tpl` or `../path/to/file.tpl`
 
-    - **templateData**: defines constants that can be used in the template.
-      In the example above, you are able to use the defined organizational unit as the constant `{{ .OrganizationalUnit }}`,
+    - **templateData**: defines variables that can be used in the template.
+      In the example above, you are able to use the defined organizational unit as the variable `{{ .OrganizationalUnit }}`,
       for example in a template like:
 
         ```json
@@ -209,15 +209,15 @@ See [the complete list of fields supported in `step-ca` templates](https://githu
 
 <Alert severity="info" id="star11">
   <div>
-    <strong>A note on <code>.Insecure</code> constants</strong><br />
-    In templates, some constants are prefixed with <code>.Insecure</code>.
+    <strong>A note on <code>.Insecure</code> variables</strong><br />
+    In templates, some variables are prefixed with <code>.Insecure</code>.
     They contain information that has not been cryptographically signed
     by a source that the CA trusts.
     For example, the <code>.Insecure.CR</code> map holds the user-supplied Certificate Request.
   </div>
 </Alert>
 
-Here are some constants available in X.509 certificate templates:
+Here are some variables available in X.509 certificate templates:
 
 - **.Subject**:
   The subject that was passed in to `step certificate` or `step ca certificate`. Specifically,
@@ -247,7 +247,7 @@ Here are some constants available in X.509 certificate templates:
   this is an array of the certificate chain from the request.
   This chain connects the authorization certificate to the root CA configured in the provisioner.
 
-- **.Insecure** These constants are marked insecure because they contain client-supplied data that is not signed by a trusted party.
+- **.Insecure** These variables are marked insecure because they contain client-supplied data that is not signed by a trusted party.
 
 - **.Insecure.CR**<Reference id="star11" marker="*" />: ☠️
   This holds the Certificate Request (CSR) received from the client.
@@ -325,7 +325,7 @@ Use these functions to populate custom certificate OID `extensions`:
 ]
 ```
 
-When applied to template constants, these functions enable dynamic OID extensions:
+When applied to template variables, these functions enable dynamic OID extensions:
 
 ```
 {
@@ -482,7 +482,7 @@ Here are the most relevant parameters available in SSH certificate template:
 - **.Insecure.CR**<Reference id="star11" marker="*" />:
   SSH certificate requests to `step-ca` are not CSRs in the X.509 sense.
   So, `step-ca` creates a virtual certificate request,
-  and that's what this constant represents.
+  and that's what this variable represents.
 
 - **.Insecure.CR.Principals**: If you trust a host to register its own custom SANs
   (for example, when using the IID provisioner),
@@ -570,13 +570,13 @@ delimited by `{{` and `}}`. These are called **_actions_** - **_actions_** are
 data evaluations or control structures. The ones in the default template are:
 
 - `{{ toJson .Subject }}`: renders `.Subject` as JSON. `toJson` is a function in
-Sprig that encodes the passed item into JSON. `.Subject` is a constant available
+Sprig that encodes the passed item into JSON. `.Subject` is a variable available
 in all templates that contains the `<subject>` parameter passed in the CLI, in
 this case, `jane@smallstep.com`, and to be more precise, this value is available
 in `.Subject.CommonName`.
 
 - `{{ toJson .SANs }}`: renders `.SANs` (Subject Alternative Names) as JSON.
-The constant `.SANs` is also available in all templates and contains the list
+The variable `.SANs` is also available in all templates and contains the list
 of `SANs` passed from the CLI.  If no `SANs` are specified, the
 `.Subject.CommonName` will be used as a default `SAN` (e.g.
 `jane@smallstep.com` in our example). If you add more `SANs` using the
