edits from SW

Author: genwhittTTD

docs/guides/integration-options-private-operator.md

@@ -94,7 +94,7 @@ For information about supported versions and deprecation dates, see [Private Ope
 
 <UpgradePolicy />
 
-## Rotating the Keys
+## Keeping the Operator Key Secure
 
 <SnptRotatingTheKeys />
 

docs/guides/operator-guide-aks-enclave.md

@@ -473,6 +473,6 @@ To upgrade, complete the following steps:
    kubectl get pods
    ```
 
-## Rotating the Keys
+## Keeping the Operator Key Secure
 
 <SnptRotatingTheKeys />

docs/guides/operator-guide-aws-marketplace.md

@@ -360,7 +360,7 @@ The following table includes some additional commands that might help you manage
 | Runs one iteration of `logrotate` manually, without changing the scheduled interval. | `sudo logrotate -f /etc/logrotate.conf --force` |
 | Reloads `syslog-ng`. | `sudo /usr/sbin/syslog-ng-ctl reload` |
 
-## Rotating the Keys
+## Keeping the Operator Key Secure
 
 <SnptRotatingTheKeys />
 

docs/guides/operator-guide-azure-enclave.md

@@ -337,7 +337,7 @@ To upgrade, complete the following steps:
    for i in {0..COUNT}; az container delete --name uid-operator-OLD-VERSION-$i --resource-group {RESOURCE_GROUP} --yes
    ```
 
-## Rotating the Keys
+## Keeping the Operator Key Secure
 
 <SnptRotatingTheKeys />
 

docs/guides/operator-private-gcp-confidential-space.md

@@ -533,7 +533,7 @@ If you previously set up a load balancer manually, you'll also need to update th
 ## Scraping Metrics
 The Private Operator for GCP exposes [Prometheus-formatted metrics](https://prometheus.io/docs/concepts/data_model/) on port 9080 through the /metrics endpoint. You can use a Prometheus-compatible scraper to collect and aggregate these metrics for your own needs.
 
-## Rotating the Keys
+## Keeping the Operator Key Secure
 
 <SnptRotatingTheKeys />
 

docs/snippets/_private-operator-rotating-the-keys.mdx

@@ -1,7 +1,8 @@
 <!-- Used by: all Private Operator guides plus intro: guides/operator-guide-aks-enclave.md, operator-guide-aws-marketplace.md, operator-guide-azure-enclave.md, operator-private-gcp-confidential-space.md, also integration-options-private-operator.md -->
 
-It's a good security practice to rotate the keys on a regular cadence.
+Here are some guidelines for keeping your operator key secure:
 
-[**GWH__SW question. In this doc (AWS) we mention: KMSKey, SSMKeyAlias, "the operator key", SSH key, the key store, OPERATOR_KEY, EC2 key pair. I'd like to be clear about naming and I'm frankly not sure... is it the operator key? Just need to be a bit clearer than "rotate the keys"**]
-
-For specific recommendations, see [Security of API Key and Client Secret](../getting-started/gs-credentials.md#security-of-api-key-and-client-secret).
+- When you receive your operator key, store it in a secure location.
+- Keep track of all places where the key is used, so that if you need to rotate it you can do so quickly.
+- Establish a process for replacing the existing value with a new one if the key is compromised.
+- Rotate it on a regular cadence&#8212;for example, yearly&#8212;to help reduce the risk of the key being compromised.