diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml
index b782e1003..f82c06493 100644
--- a/deploy/crds/crd-clusterissuers.yaml
+++ b/deploy/crds/crd-clusterissuers.yaml
@@ -2365,9 +2365,9 @@ spec:
                               type: string
                         credentialsRef:
                           description: |-
-                            CredentialsRef is a reference to a Secret containing the username and
-                            password for the TPP server.
-                            The secret must contain two keys, 'username' and 'password'.
+                            CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials.
+                            The secret must contain the key 'access-token' for the Access Token Authentication,
+                            or two keys, 'username' and 'password' for the API Keys Authentication.
                           type: object
                           required:
                             - name
diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml
index 9dd459f34..056fa59e9 100644
--- a/deploy/crds/crd-issuers.yaml
+++ b/deploy/crds/crd-issuers.yaml
@@ -2365,9 +2365,9 @@ spec:
                               type: string
                         credentialsRef:
                           description: |-
-                            CredentialsRef is a reference to a Secret containing the username and
-                            password for the TPP server.
-                            The secret must contain two keys, 'username' and 'password'.
+                            CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials.
+                            The secret must contain the key 'access-token' for the Access Token Authentication,
+                            or two keys, 'username' and 'password' for the API Keys Authentication.
                           type: object
                           required:
                             - name
diff --git a/internal/apis/certmanager/types_issuer.go b/internal/apis/certmanager/types_issuer.go
index 78aaa1ed4..e5926d367 100644
--- a/internal/apis/certmanager/types_issuer.go
+++ b/internal/apis/certmanager/types_issuer.go
@@ -132,9 +132,9 @@ type VenafiTPP struct {
 	// for example: "https://tpp.example.com/vedsdk".
 	URL string
 
-	// CredentialsRef is a reference to a Secret containing the username and
-	// password for the TPP server.
-	// The secret must contain two keys, 'username' and 'password'.
+	// CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials.
+	// The secret must contain the key 'access-token' for the Access Token Authentication,
+	// or two keys, 'username' and 'password' for the API Keys Authentication.
 	CredentialsRef cmmeta.LocalObjectReference
 
 	// Base64-encoded bundle of PEM CAs which will be used to validate the certificate
diff --git a/pkg/apis/certmanager/v1/types_issuer.go b/pkg/apis/certmanager/v1/types_issuer.go
index 274b2f5cf..efb1f5286 100644
--- a/pkg/apis/certmanager/v1/types_issuer.go
+++ b/pkg/apis/certmanager/v1/types_issuer.go
@@ -149,9 +149,9 @@ type VenafiTPP struct {
 	// for example: "https://tpp.example.com/vedsdk".
 	URL string `json:"url"`
 
-	// CredentialsRef is a reference to a Secret containing the username and
-	// password for the TPP server.
-	// The secret must contain two keys, 'username' and 'password'.
+	// CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials.
+	// The secret must contain the key 'access-token' for the Access Token Authentication,
+	// or two keys, 'username' and 'password' for the API Keys Authentication.
 	CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"`
 
 	// Base64-encoded bundle of PEM CAs which will be used to validate the certificate