From 73136cbe07608c8d0696a5ba2059ebd65483bb85 Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Wed, 15 Oct 2025 09:47:43 -0500
Subject: [PATCH 1/7] Update ECK documentation for rotating credentials.

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../cluster-or-deployment-auth/managed-credentials-eck.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index a43aa6b69d..09e0339ee4 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -66,13 +66,17 @@ If you are using the `elastic` user credentials in your own applications, they w
 To regenerate all auto-generated credentials in a namespace, run the following command:
 
 ```sh
-kubectl delete secret -l eck.k8s.elastic.co/credentials=true
+kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
 ```
 
 ::::{warning}
 This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
 ::::
 
+:::{note}
+Previous documentation suggested deleting all secrets with the label `eck.k8s.elastic.co/credentials=true`, which included the Kibana secret that contained encryption keys. Deletion of the Kibana config secret is not recommended.
+:::
+
 ## Creating custom users
 
 {{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.
@@ -99,4 +103,4 @@ For more information, refer to [External authentication](/deploy-manage/users-ro
 
 ECK facilitates file-based role management through Kubernetes secrets containing the roles specification. Alternatively, you can use the Role management API or the Role management UI in {{kib}}.
 
-Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.
\ No newline at end of file
+Refer to [Managing custom roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md#managing-custom-roles) for details and ECK based examples.

From a6b736b5b9337668c800010c71e0fc1c1ab2becd Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 21 Oct 2025 10:41:25 -0500
Subject: [PATCH 2/7] Update
 deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md

Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com>
---
 .../cluster-or-deployment-auth/managed-credentials-eck.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index 09e0339ee4..fbb590bac1 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -74,7 +74,7 @@ This command regenerates auto-generated credentials of **all** {{stack}} applica
 ::::
 
 :::{note}
-Previous documentation suggested deleting all secrets with the label `eck.k8s.elastic.co/credentials=true`, which included the Kibana secret that contained encryption keys. Deletion of the Kibana config secret is not recommended.
+When deleting secrets so they can be regenerated, make sure to exclude {{kib}} secrets by specifying `type!=kibana`. {{kib}} secrets contain encryption keys, which should not be deleted.
 :::
 
 ## Creating custom users

From a0716bbe65edec027cdfbb7d7ea0cfd382a8732f Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 4 Nov 2025 09:13:10 -0600
Subject: [PATCH 3/7] Use 'applies switch' as recommended.

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../managed-credentials-eck.md                       | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index fbb590bac1..1d40ac4da7 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -73,10 +73,18 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.
 This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
 ::::
 
-:::{note}
-When deleting secrets so they can be regenerated, make sure to exclude {{kib}} secrets by specifying `type!=kibana`. {{kib}} secrets contain encryption keys, which should not be deleted.
+::::{applies-switch}
+
+:::{applies-item} 3.2+:
+When deleting secrets so they can be regenerated, the following label `common.k8s.elastic.co/type!=kibana` is no longer required as the {{kib}} secret is no longer labeled as containing credentials.
+:::
+
+:::{applies-item} Prior to 3.2:
+When deleting secrets so they can be regenerated, make sure to exclude {{kib}} secrets by specifying `common.k8s.elastic.co/type!=kibana`. {{kib}} secrets contain encryption keys, which should not be deleted.
 :::
 
+::::
+
 ## Creating custom users
 
 {{eck}} provides functionality to facilitate custom user creation through various authentication realms. You can create users using the native realm, file realm, or external authentication methods.

From 7e77f3f3d8024909c620f4876584e1950059278f Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 4 Nov 2025 09:18:07 -0600
Subject: [PATCH 4/7] Adjust per recommendations.

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../managed-credentials-eck.md                 | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index 559078bae4..8a19bcce2a 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -68,22 +68,26 @@ If you are using the `elastic` user credentials in your own applications, they w
 
 To regenerate all auto-generated credentials in a namespace, run the following command:
 
-```sh
-kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
-```
-
 ::::{warning}
-This command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
+The following command regenerates auto-generated credentials of **all** {{stack}} applications in the namespace.
 ::::
 
 ::::{applies-switch}
 
 :::{applies-item} 3.2+:
-When deleting secrets so they can be regenerated, the following label `common.k8s.elastic.co/type!=kibana` is no longer required as the {{kib}} secret is no longer labeled as containing credentials.
+In ECK versions 3.2 and beyond:
+
+```sh
+kubectl delete secret -l eck.k8s.elastic.co/credentials=true
+```
 :::
 
 :::{applies-item} Prior to 3.2:
-When deleting secrets so they can be regenerated, make sure to exclude {{kib}} secrets by specifying `common.k8s.elastic.co/type!=kibana`. {{kib}} secrets contain encryption keys, which should not be deleted.
+In ECK versions prior to 3.2:
+
+```sh
+kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
+```
 :::
 
 ::::

From bde5e0238772da41c4ff7f5cfb953732b652642f Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 4 Nov 2025 09:26:33 -0600
Subject: [PATCH 5/7] Try to fix applies-switch

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../cluster-or-deployment-auth/managed-credentials-eck.md     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index 8a19bcce2a..c5baa45d1e 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -74,7 +74,7 @@ The following command regenerates auto-generated credentials of **all** {{stack}
 
 ::::{applies-switch}
 
-:::{applies-item} 3.2+:
+:::{applies-item} { "eck": "ga 3.2" }:
 In ECK versions 3.2 and beyond:
 
 ```sh
@@ -82,7 +82,7 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 ```
 :::
 
-:::{applies-item} Prior to 3.2:
+:::{applies-item} { "eck": "prior to 3.2" }:
 In ECK versions prior to 3.2:
 
 ```sh

From b9647493101fe375beac4195a2534e68240d1e41 Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 4 Nov 2025 09:35:02 -0600
Subject: [PATCH 6/7] Remove colon

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../cluster-or-deployment-auth/managed-credentials-eck.md     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index c5baa45d1e..8db077c7e2 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -74,7 +74,7 @@ The following command regenerates auto-generated credentials of **all** {{stack}
 
 ::::{applies-switch}
 
-:::{applies-item} { "eck": "ga 3.2" }:
+:::{applies-item} { "eck": "ga 3.2" }
 In ECK versions 3.2 and beyond:
 
 ```sh
@@ -82,7 +82,7 @@ kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 ```
 :::
 
-:::{applies-item} { "eck": "prior to 3.2" }:
+:::{applies-item} { "eck": "prior to 3.2" }
 In ECK versions prior to 3.2:
 
 ```sh

From 0c266824a76c923d36788d5e1279a9c6bea408f8 Mon Sep 17 00:00:00 2001
From: Michael Montgomery <mmontg1@gmail.com>
Date: Tue, 4 Nov 2025 10:08:51 -0600
Subject: [PATCH 7/7] Adjust per recommendations

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
---
 .../cluster-or-deployment-auth/managed-credentials-eck.md     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
index 8db077c7e2..b4ab44c417 100644
--- a/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
+++ b/deploy-manage/users-roles/cluster-or-deployment-auth/managed-credentials-eck.md
@@ -80,14 +80,16 @@ In ECK versions 3.2 and beyond:
 ```sh
 kubectl delete secret -l eck.k8s.elastic.co/credentials=true
 ```
+
 :::
 
-:::{applies-item} { "eck": "prior to 3.2" }
+:::{applies-item} { "eck": "ga 3.1" }
 In ECK versions prior to 3.2:
 
 ```sh
 kubectl delete secret -l eck.k8s.elastic.co/credentials=true,common.k8s.elastic.co/type!=kibana
 ```
+
 :::
 
 ::::