This is an automated email from the ASF dual-hosted git repository. jimin pushed a commit to branch docusaurus in repository https://gitbox.apache.org/repos/asf/incubator-seata-website.git
The following commit(s) were added to refs/heads/docusaurus by this push: new 5c9198f81cb optimize: some tiny fix (#949) 5c9198f81cb is described below commit 5c9198f81cb542beb7b80a39c568243b26832be5 Author: jimin <sliev...@163.com> AuthorDate: Mon Mar 17 23:34:29 2025 +0800 optimize: some tiny fix (#949) --- .../current/security/secret-key.md | 9 ++++----- .../current/security/secret-key.md | 11 +++++------ 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/i18n/en/docusaurus-plugin-content-docs/current/security/secret-key.md b/i18n/en/docusaurus-plugin-content-docs/current/security/secret-key.md index 7c38e3c6ea5..b8cad181826 100644 --- a/i18n/en/docusaurus-plugin-content-docs/current/security/secret-key.md +++ b/i18n/en/docusaurus-plugin-content-docs/current/security/secret-key.md 
@@ -7,13 +7,13 @@ description: SecretKey Security Announcement. # SecretKey Security Announcement ## Background -Starting from version 1.5.0, Seata provides a user console called Seata-Console. The user console offers query functionality for global transactions and branch transactions, allowing users to easily search for global transactions, branch transactions, and global lock information based on various matching conditions. This helps users quickly define and troubleshoot problems. +Since version 1.5.0, Seata has provided a user console called Seata-Console. The user console offers query functionality for global transactions and branch transactions, allowing users to easily search for global transactions, branch transactions, and global lock information based on various matching conditions. This can help users quickly locate and troubleshoot issues. -To log into Seata-Console, users need to enter a username and password. Seata-Console sends the username and password to the backend, which verifies their correctness. If correct, it generates a time-sensitive JWT token based on a SecretKey and returns it to the frontend. On subsequent visits, the frontend sends the JWT token to the backend. The backend verifies the token's validity and, if correct, returns the requested data. If incorrect, access is denied. +To log into Seata-Console, users need to enter a username and password. Seata-Console sends the username and password to the backend service, which verifies their correctness. If correct, it generates a time-sensitive JWT token based on a SecretKey and returns it to the frontend. On subsequent visits, the frontend carries the JWT token information and sends it to the backend. The backend verifies the token's validity and, if correct, returns the data; if incorrect, it denies access. -In Seata-Console's default configuration file, there are default username, password, and SecretKey settings. 
In a production environment, users need to modify these default settings to ensure security. Below are configuration recommendations for the production environment for your reference. +In Seata-Console's default configuration file, there are default settings for the username, password, and SecretKey. In a production environment, users must change these default username, password, and SecretKey settings to ensure security. Below are configuration recommendations for the production environment for your reference. -## Solution +## Production Solution - In a production environment, prohibit unnecessary public network access. If public network access is required, configure firewalls or ACL rules to restrict IP access. Even though Seata-Console does not store or display sensitive data, we strongly recommend that you do so. - When deploying Seata-Console for the first time, it is essential to change the default username, password, and SecretKey before deployment to avoid the risk of data leakage or intrusion due to default credentials. You need to modify `seata.console.user.username`, `seata.user.password`, and `seata.security.secretKey` in the application.yml configuration file. In a Kubernetes deployment mode, you can manage this information independently and hierarchically using ConfigMap/Secret resource [...] ```yml @@ -21,7 +21,6 @@ console: user: username: ${SEATA_CONSOLE_USERNAME} password: ${SEATA_CONSOLE_PASSWORD} -} seata: security: secretKey: ${SEATA_SECRET_KEY} diff --git a/i18n/zh-cn/docusaurus-plugin-content-docs/current/security/secret-key.md b/i18n/zh-cn/docusaurus-plugin-content-docs/current/security/secret-key.md index f011d4c2b6e..7d86efd0b4a 100644 --- a/i18n/zh-cn/docusaurus-plugin-content-docs/current/security/secret-key.md +++ b/i18n/zh-cn/docusaurus-plugin-content-docs/current/security/secret-key.md 
@@ -7,21 +7,20 @@ description: SecretKey 安全公告. # SecretKey 安全公告 ## 背景 -自1.5.0 版本开始,Seata 提供了用户控制台 Seata-Console。在用户控制台中提供了全局事务和分支事务的查询功能,用户可以方便的根据各种匹配条件查询全局事务,分支事务和全局锁信息,以此帮助用户快速的定义和排查问题。 +自1.5.0 版本开始,Seata 提供了用户控制台 Seata-Console。在用户控制台中提供了全局事务和分支事务的查询功能,用户可以方便的根据各种匹配条件查询全局事务,分支事务和全局锁信息,以此可以帮助用户快速的定位和排查问题。 -用户登录Seata-Console,需要输入用户名和密码。Seata-Console 会将用户名和密码发送到后端,后端验证用户名和密码是否正确。如果正确则根据 SecretKey 生成一个具有时效性的JWT Token,返回给前端。前端下次访问时,将 JWT Token发送到后端,后端验证JWT Token是否正确,如果正确则返回数据,如果错误则拒绝访问。 +用户登录 Seata-Console,需要输入用户名和密码。Seata-Console 会将用户名和密码发送到后端服务,后端服务验证用户名和密码是否正确。如果正确,则根据 SecretKey 生成一个具有时效性的 JWT Token,返回给前端。前端下次访问时,将携带 JWT Token 信息发送到后端,后端验证JWT Token是否正确,如果正确则返回数据,如果错误则拒绝访问。 -在Seata-Console默认的配置文件存在默认的用户名,密码和SecretKey。在生产环境中,用户需要修改默认的用户名,密码和SecretKey,以保证安全性。以下是对生产环境的配置建议,请您参考。 +在 Seata-Console 的默认配置文件存在默认的用户名,密码和SecretKey。在生产环境中,用户必须修改默认的用户名,密码和SecretKey,以保证安全性。以下是对生产环境的配置建议,请您参考。 -## 解决方案 +## 生产环境实践方案 - 在生产环境中,禁止非必要的公网访问,若要开启公网访问,请配置好防火墙或者ACL规则,限制IP访问。即使Seata-Console中并不存储和展示敏感数据,我们也强烈的要求您这么做。 -- 首次部署Seata-Console时,必须修改默认的用户名,密码和SecretKey后再进行部署,避免因默认凭据导致数据泄露或入侵风险。需要修改配置文件`application.yml`中的`seata.console.user.username`,`seata.user.password`和`seata.security.secretKey`。在Kubernetes部署模式下可以通过ConfigMap/Secret资源对相关信息进行独立分级管理。具备需要修改的配置项如下: +- 首次部署Seata-Console时,必须修改默认的用户名,密码和SecretKey后再进行部署,避免因默认凭据导致数据泄露或入侵风险。需要修改配置文件`application.yml`中的`seata.console.user.username`,`seata.user.password`和`seata.security.secretKey`。在Kubernetes部署模式下可以通过ConfigMap/Secret资源对相关信息进行独立分级管理。需要修改的配置项请参考如下配置。 ```yml console: user: username: ${SEATA_CONSOLE_USERNAME} password: ${SEATA_CONSOLE_PASSWORD} -} seata: security: secretKey: ${SEATA_SECRET_KEY} --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@seata.apache.org For additional commands, e-mail: notifications-h...@seata.apache.org
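Review bot: In the first hunk of the English `secret-key.md` (the `## Production Solution` bullet), the three property names are still inconsistent with each other: the text lists `seata.console.user.username`, `seata.user.password`, and `seata.security.secretKey`, but the YAML block right below nests `password` under the same `console: user:` node as `username`. Since this commit already touches that sentence, align the password key with the username key (`seata.console.user.password`) in both the prose and the YAML, or a reader following the text literally will set a property the shown configuration does not use and keep the default password in place.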
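Review bot: Removing the stray `}` in the `@@ -21,7 +21,6 @@` hunk is correct; a bare brace is not valid in a YAML block mapping and would have broken a copy-pasted `application.yml`. While here, consider one more sentence in the doc stating that the `${SEATA_CONSOLE_USERNAME}`, `${SEATA_CONSOLE_PASSWORD}` and `${SEATA_SECRET_KEY}` placeholders only help if those environment variables are actually supplied (for example from the ConfigMap/Secret resources the text mentions); the surrounding text is about not running with default credentials, and an unset placeholder silently defeats that advice.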
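Review bot: The zh-cn hunk carries the same `seata.user.password` versus `seata.console.user.username` mismatch as the English file and should get the same fix in the same commit so the two locales do not drift. Also note a wording difference between the locales that this change leaves in place: the Chinese bullet says "我们也强烈的要求您这么做" (we strongly require you to do so) while the English bullet says "we strongly recommend that you do so"; pick one strength of statement for the network-restriction advice and use it in both files.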