Documentation refinements and cleanup

- Update AWS authentication anti-patterns section wording
- Clean up CLI documentation
- Minor text improvements in guide pages

Author: jszobody

docs/guide/aws-authentication.md

@@ -174,14 +174,14 @@ deploy:
 
 ## Security Best Practices
 
-### Never Do This
+### Anti-Patterns to Avoid
 
-❌ Store AWS credentials in your repository  
-❌ Put AWS credentials in `.env` files tracked by git  
-❌ Use long-lived AWS access keys in production  
-❌ Share AWS credentials between environments  
+❌ Storing AWS credentials in your repository  
+❌ Putting AWS credentials in `.env` files tracked by git  
+❌ Using long-lived AWS access keys in production  
+❌ Sharing AWS credentials between environments  
 
-### Always Do This
+### Recommended Practices
 
 ✅ Use temporary credentials when possible (aws-vault, SSO, instance roles)  
 ✅ Apply least-privilege IAM policies  
@@ -211,32 +211,6 @@ After setting up authentication, you need to configure IAM permissions for the A
 
 Each vault type requires specific IAM permissions based on your usage pattern (read-only, read-write, or admin access).
 
-## PHP Application Considerations
-
-When using Keep with PHP applications:
-
-1. **Don't hardcode AWS credentials in config**
-   ```php
-   // config/aws.php - DON'T DO THIS
-   'credentials' => [
-       'key'    => env('AWS_ACCESS_KEY_ID'),
-       'secret' => env('AWS_SECRET_ACCESS_KEY'),
-   ]
-   ```
-
-2. **Let the SDK find credentials automatically**
-   ```php
-   // config/aws.php - DO THIS
-   'credentials' => null, // SDK will use IAM role, ~/.aws/credentials, etc.
-   ```
-
-3. **Generate .env before caching configuration**
-   ```bash
-   # deployment.sh
-   keep export --stage=production --output=.env
-   # Then cache your application configuration if needed
-   ```
-
 ## Troubleshooting
 
 **"Keep can't find AWS credentials"**

docs/guide/cli/index.md

@@ -33,24 +33,6 @@ sh 'docker build --secret id=env,src=.env .'
 sh 'rm -f .env'  # Clean up
 ```
 
-### Automated Secret Rotation
-
-```bash
-#!/bin/bash
-# Rotate API keys across environments
-
-# Generate new key
-NEW_KEY=$(openssl rand -hex 32)
-
-# Update in all stages
-for stage in local staging production; do
-  keep set API_KEY "$NEW_KEY" --stage=$stage --force
-done
-
-# Restart services
-keep run --stage=production -- systemctl restart api-server
-```
-
 ### Bulk Operations
 
 ```bash

docs/guide/index.md

@@ -8,9 +8,10 @@ Managing secrets across local, staging, and production environments is challengi
 
 - **Unified Interface**: One CLI for all your secret vaults
 - **Stage Organization**: Separate secrets by environment (local, staging, production)
-- **Template Generation**: Build configuration files from templates with automatic secret injection
+- **Template Generation**: Build configuration files from templates with automatic secret replacement
 - **Team Collaboration**: Share vault access without exposing secret values
 - **Security First**: Encrypted storage, masked output, and secure AWS integration
+- **Deployment Ready**: Designed for CI/CD pipelines and automated workflows, supporting .env file generation or direct environment variable injection
 
 ## Getting Started
 

docs/index.md

@@ -15,7 +15,7 @@ hero:
 
 features:
   - title: Multi-Vault Support
-    details: AWS SSM and Secrets Manager, with more providers coming soon.
+    details: Supports AWS SSM and Secrets Manager currently, with more providers planned.
 
   - title: Stage Management  
     details: Organize secrets by environment with seamless promotion workflows.