From 46f6cf80f49a5b23f6db00327491114e4dadd05a Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Fri, 13 Sep 2024 09:17:52 +0300
Subject: [PATCH] docs: Clarify `.spec.decryption.secretRef` usage

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 docs/spec/v1/kustomizations.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs/spec/v1/kustomizations.md b/docs/spec/v1/kustomizations.md
index dec83c93..9c7af00e 100644
--- a/docs/spec/v1/kustomizations.md
+++ b/docs/spec/v1/kustomizations.md
@@ -739,12 +739,13 @@ Secret, encrypting the `metadata`, `kind` or `apiVersion` fields is not supporte
 An easy way to do this is by appending `--encrypted-regex '^(data|stringData)$'`
 to your `sops --encrypt` command.
 
-It has two required fields:
+It has two fields:
 
+- `.provider`: The secrets decryption provider to be used. This field is required and
+  the only supported value is `sops`.
 - `.secretRef.name`: The name of the secret that contains the keys to be used for
-   decryption.
-- `.provider`: The secrets decryption provider to be used. The only supported
-   value at the moment is `sops`.
+  decryption. This field can be omitted when using the
+  [global decryption](#controller-global-decryption) option.
 
 ```yaml
 ---