From 7307f0c9a12751ef39cedcb966c470c33603e334 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Valais?= <mael@vls.dev>
Date: Thu, 21 Dec 2023 10:14:29 +0100
Subject: [PATCH] venafi: explain why "do not select 'refresh token enabled'"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Maël Valais <mael@vls.dev>
---
 content/docs/configuration/venafi.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/content/docs/configuration/venafi.md b/content/docs/configuration/venafi.md
index 29cbbd04c72..17e77a29fcd 100644
--- a/content/docs/configuration/venafi.md
+++ b/content/docs/configuration/venafi.md
@@ -141,7 +141,9 @@ credentials.
 
 1. [Set up token authentication](https://docs.venafi.com/Docs/23.1/TopNav/Content/SDK/AuthSDK/t-SDKa-Setup-OAuth.php).
 
-   NOTE: Do not select "Refresh Token Enabled" and set a *long* "Token Validity (days)".
+   NOTE: Do not select "Refresh Token Enabled" and set a *long* "Token Validity
+   (days)". The Refresh Token feature is not supported by cert-manager's Venafi
+   `Issuer`.
 
 2. Create a new user with sufficient privileges to manage and revoke certificates in a particular policy folder (zone).