review comments

Author: nyobe

content/blog/esc-connect/index.md

@@ -33,8 +33,7 @@ values:
         secretName: DATABASE_PASSWORD
 ```
 
-When you open this environment, ESC makes an authenticated POST request to your adapter. 
-Your adapter validates the JWT token, fetches the secret from your source, and returns it:
+When you open this environment, ESC makes an authenticated POST request to your adapter. Your adapter validates the JWT token, fetches the secret from your source, and returns it:
 
 ```typescript
 const handler = async (event) => {
@@ -58,7 +57,7 @@ The [example reference implementation](#try-it-out) includes an `ESCRequestValid
 
 ## Automated rotation
 
-ESC Connect also supports automated secret rotation through [`fn::rotate::external`](/docs/esc/integrations/rotated-secrets/external/). Your rotation adapter receives the current credential state, generates new credentials, updates your target system, and returns the new state. ESC handles scheduling and maintains both current and previous credentials during transitions for zero-downtime rotation.
+ESC Connect also supports automated secret rotation through `fn::rotate::external`. Your rotation adapter receives the current credential state, generates new credentials, updates your target system, and returns the new state. ESC handles scheduling and maintains both current and previous credentials during rotation transitions for zero-downtime rotation.
 
 ```yaml
 values:

content/docs/esc/integrations/dynamic-secrets/external.md

@@ -27,9 +27,9 @@ The external provider serves as a generic escape hatch for integrating secret so
 
 Use the external provider when:
 
-- You need to integrate a custom or proprietary secret management system
-- You have specific business logic for secret fetching
-- Your secret source is behind a firewall or requires custom networking
+- You need to integrate a custom or proprietary secret management system.
+- You have specific business logic for secret fetching.
+- Your secret source is behind a firewall or requires custom networking.
 
 ## ESC Configuration Example
 
@@ -154,7 +154,7 @@ import jwt
 from jwt import PyJWKClient
 
 # Configuration
-JWKS_URL = "https://api.pulumi.com/.well-known/jwks.json"
+JWKS_URL = "https://api.pulumi.com/oidc/.well-known/jwks"
 ADAPTER_URL = "https://my-adapter.example.com/fetch-secrets"
 PORT = 8443
 

content/docs/esc/integrations/rotated-secrets/external.md

@@ -207,7 +207,9 @@ After rotation, applications see only the current secret:
 
 Your application should always use `apiCredentials.current`. After rotation, `current` contains the newly rotated secret, while the previous secret remains valid until the next rotation.
 
-**Important:** Configure your rotation schedule to be less frequent than your application's configuration refresh interval. For example, if your app fetches configuration every 5 minutes, rotate no more than once per hour.
+{{% notes type="warning" %}}
+Configure your rotation schedule to be less frequent than your application's configuration refresh interval. For example, if your app fetches configuration every 5 minutes, rotate no more than once per hour.
+{{% /notes %}}
 
 ### Example Rotator Implementation