From bafd0f2986a21ebb98e12e27624725482f0615fc Mon Sep 17 00:00:00 2001
From: JrCs <90z7oey02@sneakemail.com>
Date: Wed, 6 Jun 2018 13:24:15 +0200
Subject: [PATCH] Vault issuer MUST USE the vault 'sign' endpoint

---
 docs/tutorials/vault/creating-vault-issuers.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/tutorials/vault/creating-vault-issuers.rst b/docs/tutorials/vault/creating-vault-issuers.rst
index 1e72a5f73..78d452ed3 100644
--- a/docs/tutorials/vault/creating-vault-issuers.rst
+++ b/docs/tutorials/vault/creating-vault-issuers.rst
@@ -62,7 +62,8 @@ We can now create a cluster issuer referencing this secret:
               key: secretId
 
 Where *path* is the Vault role path of the PKI backend and *server* is
-the Vault server base URL. The Vault appRole credentials are supplied as the
+the Vault server base URL. The *path* MUST USE the vault ``sign`` endpoint.
+The Vault appRole credentials are supplied as the
 Vault authentication method using the appRole created in Vault. The secretRef
 references the Kubernetes secret created previously. More specifically, the field
 *name* is the Kubernetes secret name and *key* is the name given as the