diff --git a/modules/enabling-aws-sts-existing-cluster.adoc b/modules/enabling-aws-sts-existing-cluster.adoc
index cb92f6b4ef..619d987e68 100644
--- a/modules/enabling-aws-sts-existing-cluster.adoc
+++ b/modules/enabling-aws-sts-existing-cluster.adoc
@@ -46,10 +46,10 @@ $ mkdir ./output_dir
 +
 [source,terminal]
 ----
-$ oc get configmap \
-  --namespace openshift-kube-apiserver bound-sa-token-signing-certs \
-  --output json | \
-  jq --raw-output '.data["service-account-001.pub"]' > ./output_dir/serviceaccount-signer.public <1>
+$ oc get secret/next-bound-service-account-signing-key \
+  -n openshift-kube-apiserver-operator \
+  -ojsonpath='{ .data.service-account\.pub }' | base64 -d \
+  > output_dir/serviceaccount-signer.public <1>
 ----
 <1> This procedure uses a file named `serviceaccount-signer.public` as an example.
 
diff --git a/modules/enabling-entra-workload-id-existing-cluster.adoc b/modules/enabling-entra-workload-id-existing-cluster.adoc
index 0a1aabd993..0e065ea735 100644
--- a/modules/enabling-entra-workload-id-existing-cluster.adoc
+++ b/modules/enabling-entra-workload-id-existing-cluster.adoc
@@ -41,9 +41,10 @@ This procedure uses `./output_dir` as an example.
 +
 [source,terminal]
 ----
-$ oc get configmap \
-  --namespace openshift-kube-apiserver bound-sa-token-signing-certs \
-  --output 'go-template={{index .data "service-account-001.pub"}}' > ./output_dir/serviceaccount-signer.public <1>
+$ oc get secret/next-bound-service-account-signing-key \
+  -n openshift-kube-apiserver-operator \
+  -ojsonpath='{ .data.service-account\.pub }' | base64 -d \
+  > output_dir/serviceaccount-signer.public <1>
 ----
 <1> This procedure uses a file named `serviceaccount-signer.public` as an example.
 
diff --git a/post_installation_configuration/changing-cloud-credentials-configuration.adoc b/post_installation_configuration/changing-cloud-credentials-configuration.adoc
index 5834d4076d..c947824d8b 100644
--- a/post_installation_configuration/changing-cloud-credentials-configuration.adoc
+++ b/post_installation_configuration/changing-cloud-credentials-configuration.adoc
@@ -76,7 +76,7 @@ include::modules/manually-removing-cloud-creds.adoc[leveloffset=+2]
 == Enabling token-based authentication
 //Today, just Entra. But this should be a section that anticipates the addition of AWS STS and GCP WID.
 
-After installing an {azure-first} {product-title} cluster, you can enable {entra-first} to use short-term credentials.
+After installing an {product-title} cluster on {azure-first} or {aws-first}, you can enable {entra-first} or {sts-first} to use short-term credentials.
 
 //Configuring the Cloud Credential Operator utility
 include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]