doc updates

docs/modules/components/pages/caches/aws_dynamodb.adoc

@@ -231,8 +231,7 @@ The ID of credentials to use.
 === `credentials.secret`
 
 The secret for the credentials being used.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -254,7 +253,7 @@ The token for the credentials being used, required when using short term credent
 
 === `credentials.from_ec2_role`
 
-Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance].
+Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^].
 
 
 *Type*: `bool`

docs/modules/components/pages/caches/aws_s3.adoc

@@ -200,8 +200,7 @@ The ID of credentials to use.
 === `credentials.secret`
 
 The secret for the credentials being used.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -223,7 +222,7 @@ The token for the credentials being used, required when using short term credent
 
 === `credentials.from_ec2_role`
 
-Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance].
+Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^].
 
 
 *Type*: `bool`

docs/modules/components/pages/caches/couchbase.adoc

@@ -84,8 +84,7 @@ Username to connect to the cluster.
 === `password`
 
 Password to connect to the cluster.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/caches/lru.adoc

@@ -53,7 +53,7 @@ lru:
 
 This provides the lru package which implements a fixed-size thread safe LRU cache.
 
-It uses the package https://github.com/hashicorp/golang-lru/v2[`lru`]
+It uses the package https://github.com/hashicorp/golang-lru/v2[`lru`^]
 
 The field init_values can be used to pre-populate the memory cache with any number of key/value pairs:
 

docs/modules/components/pages/caches/mongodb.adoc

@@ -67,8 +67,7 @@ The username to connect to the database.
 === `password`
 
 The password to connect to the database.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/caches/nats_kv.adoc

@@ -75,32 +75,32 @@ NATS component, so that monitoring tools between NATS and benthos can stay in sy
 == Authentication
 
 There are several components within Benthos which uses NATS services. You will find that each of these components
-support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys]
-and https://docs.nats.io/developing-with-nats/security/creds[User Credentials].
+support optional advanced authentication parameters for https://docs.nats.io/nats-server/configuration/securing_nats/auth_intro/nkey_auth[NKeys^]
+and https://docs.nats.io/developing-with-nats/security/creds[User Credentials^].
 
-See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial].
+See an https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt[in-depth tutorial^].
 
 === NKey file
 
 The NATS server can use these NKeys in several ways for authentication. The simplest is for the server to be configured
 with a list of known public keys and for the clients to respond to the challenge by signing it with its private NKey
 configured in the `nkey_file` field.
 
-https://docs.nats.io/developing-with-nats/security/nkey[More details].
+https://docs.nats.io/developing-with-nats/security/nkey[More details^].
 
 === User credentials
 
-NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT]
-and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret] when connecting to a server
+NATS server supports decentralized authentication based on JSON Web Tokens (JWT). Clients need an https://docs.nats.io/nats-server/configuration/securing_nats/jwt#json-web-tokens[user JWT^]
+and a corresponding https://docs.nats.io/developing-with-nats/security/nkey[NKey secret^] when connecting to a server
 which is configured to use this authentication scheme.
 
 The `user_credentials_file` field should point to a file containing both the private key and the JWT and can be
-generated with the https://docs.nats.io/nats-tools/nsc[nsc tool].
+generated with the https://docs.nats.io/nats-tools/nsc[nsc tool^].
 
 Alternatively, the `user_jwt` field can contain a plain text JWT and the `user_nkey_seed`can contain
 the plain text NKey Seed.
 
-https://docs.nats.io/developing-with-nats/security/creds[More details].
+https://docs.nats.io/developing-with-nats/security/creds[More details^].
 
 == Fields
 
@@ -175,8 +175,7 @@ Requires version 3.45.0 or newer
 === `tls.root_cas`
 
 An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -244,8 +243,7 @@ A plain text certificate to use.
 === `tls.client_certs[].key`
 
 A plain text certificate key to use.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -276,9 +274,11 @@ The path of a certificate key to use.
 
 === `tls.client_certs[].password`
 
-A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format.
+
+Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+
 [WARNING]
-.Secret
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -336,8 +336,7 @@ user_credentials_file: ./user.creds
 === `auth.user_jwt`
 
 An optional plain text user JWT (given along with the corresponding user NKey Seed).
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -350,8 +349,7 @@ This field contains sensitive information that usually shouldn't be added to a c
 === `auth.user_nkey_seed`
 
 An optional plain text user NKey Seed (given along with the corresponding user JWT).
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/caches/redis.adoc

@@ -160,8 +160,7 @@ Requires version 3.45.0 or newer
 === `tls.root_cas`
 
 An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -229,8 +228,7 @@ A plain text certificate to use.
 === `tls.client_certs[].key`
 
 A plain text certificate key to use.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -261,9 +259,11 @@ The path of a certificate key to use.
 
 === `tls.client_certs[].password`
 
-A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format.
+
+Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+
 [WARNING]
-.Secret
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/caches/ristretto.adoc

@@ -14,7 +14,7 @@
 component_type_dropdown::[]
 
 
-Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache].
+Stores key/value pairs in a map held in the memory-bound https://github.com/dgraph-io/ristretto[Ristretto cache^].
 
 
 [tabs]

docs/modules/components/pages/caches/sql.adoc

@@ -156,9 +156,9 @@ The following is a list of supported drivers, their placeholder style, and their
 
 Please note that the `postgres` driver enforces SSL by default, you can override this with the parameter `sslmode=disable` if required.
 
-The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication], the DSN has the following format: `<snowflake_user>@<snowflake_account>/<db_name>/<schema_name>?warehouse=<warehouse>&role=<role>&authenticator=snowflake_jwt&privateKey=<base64_url_encoded_private_key>`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded.
+The `snowflake` driver supports multiple DSN formats. Please consult https://pkg.go.dev/github.com/snowflakedb/gosnowflake#hdr-Connection_String[the docs^] for more details. For https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication[key pair authentication^], the DSN has the following format: `<snowflake_user>@<snowflake_account>/<db_name>/<schema_name>?warehouse=<warehouse>&role=<role>&authenticator=snowflake_jwt&privateKey=<base64_url_encoded_private_key>`, where the value for the `privateKey` parameter can be constructed from an unencrypted RSA private key file `rsa_key.p8` using `openssl enc -d -base64 -in rsa_key.p8 | basenc --base64url -w0` (you can use `gbasenc` insted of `basenc` on OSX if you install `coreutils` via Homebrew). If you have a password-encrypted private key, you can decrypt it using `openssl pkcs8 -in rsa_key_encrypted.p8 -out rsa_key.p8`. Also, make sure fields such as the username are URL-encoded.
 
-The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes] for details.
+The https://pkg.go.dev/github.com/microsoft/gocosmos[`gocosmos`^] driver is still experimental, but it has support for https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys[hierarchical partition keys^] as well as https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-query-container#cross-partition-query[cross-partition queries^]. Please refer to the https://github.com/microsoft/gocosmos/blob/main/SQL.md[SQL notes^] for details.
 
 
 *Type*: `string`

docs/modules/components/pages/caches/ttlru.adoc

@@ -55,7 +55,7 @@ The cache ttlru provides a simple, goroutine safe, cache with a fixed number of
 
 This TTL is reset on both modification and access of the value. As a result, if the cache is full, and no items have expired, when adding a new item, the item with the soonest expiration will be evicted.
 
-It uses the package https://github.com/hashicorp/golang-lru/v2/expirable[`expirable`]
+It uses the package https://github.com/hashicorp/golang-lru/v2/expirable[`expirable`^]
 
 The field init_values can be used to pre-populate the memory cache with any number of key/value pairs:
 

docs/modules/components/pages/inputs/amqp_0_9.adoc

@@ -292,8 +292,7 @@ Requires version 3.45.0 or newer
 === `tls.root_cas`
 
 An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -361,8 +360,7 @@ A plain text certificate to use.
 === `tls.client_certs[].key`
 
 A plain text certificate key to use.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -393,9 +391,11 @@ The path of a certificate key to use.
 
 === `tls.client_certs[].password`
 
-A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format.
+
+Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+
 [WARNING]
-.Secret
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/inputs/amqp_1.adoc

@@ -205,8 +205,7 @@ Requires version 3.45.0 or newer
 === `tls.root_cas`
 
 An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -274,8 +273,7 @@ A plain text certificate to use.
 === `tls.client_certs[].key`
 
 A plain text certificate key to use.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -306,9 +304,11 @@ The path of a certificate key to use.
 
 === `tls.client_certs[].password`
 
-A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Warning: Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format.
+
+Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
+
 [WARNING]
-.Secret
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -374,8 +374,7 @@ user: ${USER}
 === `sasl.password`
 
 A SASL plain text password. It is recommended that you use environment variables to populate this field.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====

docs/modules/components/pages/inputs/aws_kinesis.adoc

@@ -284,8 +284,7 @@ The ID of credentials to use.
 === `credentials.secret`
 
 The secret for the credentials being used.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -307,7 +306,7 @@ The token for the credentials being used, required when using short term credent
 
 === `credentials.from_ec2_role`
 
-Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance].
+Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^].
 
 
 *Type*: `bool`

docs/modules/components/pages/inputs/aws_s3.adoc

@@ -182,8 +182,7 @@ The ID of credentials to use.
 === `credentials.secret`
 
 The secret for the credentials being used.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -205,7 +204,7 @@ The token for the credentials being used, required when using short term credent
 
 === `credentials.from_ec2_role`
 
-Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance].
+Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^].
 
 
 *Type*: `bool`

docs/modules/components/pages/inputs/aws_sqs.adoc

@@ -177,8 +177,7 @@ The ID of credentials to use.
 === `credentials.secret`
 
 The secret for the credentials being used.
-[WARNING]
-.Secret
+[CAUTION]
 ====
 This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info].
 ====
@@ -200,7 +199,7 @@ The token for the credentials being used, required when using short term credent
 
 === `credentials.from_ec2_role`
 
-Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance].
+Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^].
 
 
 *Type*: `bool`