Merge branch '4.4' into 5.0

* 4.4:
  Update secrets.rst

Author: javiereguiluz

configuration/secrets.rst

@@ -233,17 +233,19 @@ manually store this file somewhere and deploy it. There are 2 ways to do that:
 
 1) Uploading the file:
 
-The first option is to copy the **decryption key** -
-``/config/secrets/prod/prod.decrypt.private.php`` to your server(s).
+The first option is to copy the **production decryption key** -
+``config/secrets/prod/prod.decrypt.private.php`` to your server(s).
 
 2) Using an Environment Variable
 
 The second way is to set the ``SYMFONY_DECRYPTION_SECRET`` environment variable
-to the base64 encoded value of the **decryption key**. A fancy way to fetch the
-value of the key is:
+to the base64 encoded value of the **production decryption key**. A fancy way to
+fetch the value of the key is:
 
 .. code-block:: terminal
 
+    # this command only gets the value of the key; you must also set an env var
+    # in your system with this value (e.g. `export SYMFONY_DECRYPTION_SECRET=...`)
     $ php -r 'echo base64_encode(require "config/secrets/prod/prod.decrypt.private.php");'
 
 To improve performance (i.e. avoid decrypting secrets at runtime), you can decrypt
@@ -253,8 +255,8 @@ your secrets during deployment to the "local" vault:
 
     $ php bin/console secrets:decrypt-to-local --force --env=prod
 
-This will put all the decrypted secrets into ``.env.prod.local``. After doing this,
-the decryption key does *not* need to remain on the server.
+This will write all the decrypted secrets into the ``.env.prod.local`` file.
+After doing this, the decryption key does *not* need to remain on the server.
 
 Rotating Secrets
 ----------------