From da6851225b2c044375ad26f0644d5678216875c1 Mon Sep 17 00:00:00 2001 From: Ying Li Date: Mon, 7 Mar 2016 15:46:00 -0800 Subject: [PATCH] Update advanced usage documentation Signed-off-by: Ying Li --- docs/advanced_usage.md | 11 ++++++----- server/handlers/validation.go | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/advanced_usage.md b/docs/advanced_usage.md index 8a06f2e6d..39a59e348 100644 --- a/docs/advanced_usage.md +++ b/docs/advanced_usage.md @@ -90,11 +90,13 @@ subsection. In case of potential compromise, notary provides a CLI command for rotating keys. Currently, you can use the `notary key rotate` command to rotate the targets or snapshot keys. While the snapshot key is managed by the notary client by default, use the `notary key -rotate -r` command to rotate the snapshot key to the server, such that the +rotate snapshot -r` command to rotate the snapshot key to the server, such that the notary server will then sign snapshots. This is particularly useful when using delegations with a trusted collection, so that delegates will never need access to the snapshot key to push their updates to the collection. +The targets key must be locally managed - to rotate the targets key, for instance in case of compromise, use the `notary key rotate targets` command without the `-r` flag. + ### Use a Yubikey Notary can be used with [Yubikey @@ -125,11 +127,10 @@ their own targets to the collection, since the server can publish the valid snapshot with the delegation targets: ``` -$ notary key rotate example.com/collection -r --key-type=snapshot +$ notary key rotate example.com/collection snapshot -r ``` -Here, `-r` specifies to rotate the key to the remote server, and `--key-type` (shorthand `-t`) -specifies the role. +Here, `-r` specifies to rotate the key to the remote server. When adding a delegation, your must acquire a x509 certificate with the public key of the user you wish to delegate to. The user who will assume this 
@@ -201,7 +202,7 @@ In the preceding example, you add the target `delegation/path/target` to collection `example/collections` staged for next publish. The file `delegation_file.txt` is a target `delegation/path/target` using the delegation role `targets/releases`. This target's path is valid because it is prefixed by -the delegation role's valid path. +the delegation role's valid path. The `notary list` and `notary remove` commands can also take the `--roles` flag to specify roles to list or remove targets from. By default, this operates over diff --git a/server/handlers/validation.go b/server/handlers/validation.go index 50fd3cb96..ed0b2e423 100644 --- a/server/handlers/validation.go +++ b/server/handlers/validation.go @@ -235,7 +235,7 @@ func generateSnapshot(gun string, repo *tuf.Repo, store storage.MetaStore) (*sto return nil, validation.ErrValidation{Msg: err.Error()} } } else { - // this will only occurr if no snapshot has ever been created for the repository + // this will only occur if no snapshot has ever been created for the repository err := repo.InitSnapshot() if err != nil { return nil, validation.ErrBadSnapshot{Msg: err.Error()}
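Review bot: The command forms in the first `docs/advanced_usage.md` hunk (`notary key rotate snapshot -r` and `notary key rotate targets`) omit the collection argument that the example in the second hunk shows as required (`notary key rotate example.com/collection snapshot -r`). Suggest writing both inline commands with the GUN placeholder, e.g. `notary key rotate <GUN> snapshot -r` and `notary key rotate <GUN> targets`, so readers do not copy a form that differs from the worked example. The added sentence also repeats "in case of compromise" from the paragraph's opening line; it could simply read "To rotate the targets key, use the `notary key rotate <GUN> targets` command without the `-r` flag."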
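Review bot: In the second `docs/advanced_usage.md` hunk, dropping the sentence about `--key-type` leaves the new positional `snapshot` argument unexplained; the remaining line only describes `-r`. Suggest: "Here, `snapshot` is the role whose key is rotated, and `-r` specifies to rotate the key to the remote server." Since this section is being touched, the unchanged context line "When adding a delegation, your must acquire a x509 certificate" should also get its typos fixed ("your" to "you", "a x509" to "an x509").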
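Review bot: The third `docs/advanced_usage.md` hunk (`@@ -201,7 +202,7 @@`) removes and re-adds "the delegation role's valid path." with no visible difference, so this is a whitespace-only change. If it is trailing-whitespace cleanup, say so in the commit message; otherwise drop it to keep the diff limited to the documented command changes.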
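Review bot: The `server/handlers/validation.go` hunk is a comment-only spelling fix ("occurr" to "occur") in `generateSnapshot`, which the commit subject "Update advanced usage documentation" does not cover. Mention it in the commit message body or split it into its own commit so the change to server code is not hidden under a docs-only subject line.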