diff --git a/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-data-with-km-dek.mdx b/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-data-with-km-dek.mdx index 4ddd07413c..eb30d34b4f 100644 --- a/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-data-with-km-dek.mdx +++ b/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-data-with-km-dek.mdx @@ -23,12 +23,12 @@ This page shows you how to encrypt and decrypt data using your Key Manager [data - Retrieved your key encryption key's ID - A valid [API key](/identity-and-access-management/iam/how-to/create-api-keys/) - Downloaded and configured the [Scaleway CLI](https://github.com/scaleway/scaleway-cli?tab=readme-ov-file#getting-started) -- [Dowloaded Python](https://www.python.org/downloads/) or [Go](https://go.dev/doc/install) +- [Dowloaded and installed Python](https://www.python.org/downloads/) or [Go](https://go.dev/doc/install) - [Created a Key Manager data encryption key](/identity-and-access-management/key-manager/how-to/create-manage-dek/) ## Encrypt and decrypt data with Tink and Key Manager -The [Scaleway Tink extension](https://gitlab.infra.online.net/secret-manager/tink-go-scwkms) generates a unique data encryption key for each piece of data that it encrypts. This method follows the cryptography best practices of using unique data encryption keys for each encryption operation. +The [Scaleway Tink extension](/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink) generates a unique data encryption key for each piece of data that it encrypts. This method follows the cryptography best practices of using unique data encryption keys for each encryption operation. Tink is an open source cryptography library written by cryptographers and security engineers at Google. @@ -178,7 +178,6 @@ Open a terminal and paste the following command to export your environment varia go run test.go ``` -
## Manually encrypt and decrypt data with a Key Manager DEK @@ -191,7 +190,7 @@ To decrypt or encrypt your data using OpenSSL, you need to send your encrypted D Scaleway Key Manager then uses your key encryption key (KEK) to decrypt the encrypted DEK, returning it to its plaintext (unencrypted) form, which you can then use to decrypt your actual data. - - **It is not recommended to you use OpenSSL in a production environment**. + - **We do not recommend that you use OpenSSL in a production environment**. - You should **never save the plaintext DEK on disk or any permanent storage, as it poses a security risk**. @@ -274,6 +273,4 @@ Open a terminal and paste the following command to perform the actions described Use the same cryptographic algorithm and decryption mechanism as the ones you used during the encryption process. -4. Delete the plaintext DEK from permanent storage after using it to enhance security. - -
\ No newline at end of file +4. Delete the plaintext DEK from permanent storage after using it to enhance security. \ No newline at end of file diff --git a/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-keys-with-streaming-aead-tink.mdx b/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-keys-with-streaming-aead-tink.mdx index c05b55eae1..e53dd17f52 100644 --- a/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-keys-with-streaming-aead-tink.mdx +++ b/identity-and-access-management/key-manager/api-cli/encrypt-decrypt-keys-with-streaming-aead-tink.mdx @@ -19,7 +19,7 @@ Tink is a multi-language cryptographic library that simplifies common cryptograp Key Manager handles secure storage and management of encryption keys. In this case, it is integrated with Tink to manage a Key Encryption Key (KEK). -Streaming AEAD: This is the cryptographic primitive that handles secure, authenticated streaming encryption. It ensures that large amounts of data are encrypted on-the-fly without needing to load everything into memory. +Streaming AEAD: This is the cryptographic primitive that handles secure, authenticated streaming encryption. It ensures that large amounts of data are encrypted on the fly without needing to load everything into memory. This page shows you how to use the Key Manager Tink extension to encrypt and decrypt large data streams using Authenticated Encryption with Associated Data (AEAD). @@ -57,7 +57,7 @@ Open a terminal and paste the following commands to export your environment vari go get github.com/tink-crypto/tink-go/v2 ``` -2. Create a Go project and paste the following code in a Go file: +2. Create a Go project and paste the following code into a Go file: ``` package main 
@@ -196,7 +196,7 @@ Open a terminal and paste the following commands to export your environment vari } ``` - - The example above shows you how to use the Key Manager remote key encryption key to protect your data encryption key and AEAD stream, you can also protect the data encryption key using another non remote key. + - The example above shows you how to use the Key Manager remote key encryption key to protect your data encryption key and AEAD stream, you can also protect the data encryption key using another non-remote key. - Associated data is authenticated but not encrypted diff --git a/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink.mdx b/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink.mdx index 8081128a79..86ccf4d33b 100644 --- a/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink.mdx +++ b/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink.mdx @@ -211,7 +211,7 @@ Run the following command to encrypt your data with `Associated Data`. In the ex // Insert secret2 into row 43 ``` -Associated Data does not need to be stored, as it can be infered from the context at decryption time. It is also possible to use a unique DEK for each payload. We recommend using Associated Data. +Associated Data does not need to be stored, as it can be inferred from the context at decryption time. It is also possible to use a unique DEK for each payload. We recommend using Associated Data. ## Hierarchy of keys 
@@ -223,7 +223,7 @@ However, your application still needs to call the Key Manager API: - At least once to encrypt a newly generated DEK before storing it, and - Each time a DEK needs to be decrypted before use -Thus, you can use a hierarchy of keys to minimize calls to the Key Manager API (or any remote key mangement service), which can slow down your application and incur charges. +Thus, you can use a hierarchy of keys to minimize calls to the Key Manager API (or any remote key management service), which can slow down your application and incur charges. In the example below, the application only needs to call Key Manager once to decrypt the DEK Master Key. All subsequent decryption of DEKs happens locally, which improves efficiency. @@ -258,7 +258,7 @@ ct2, _ := dek2AEAD.Encrypt([]byte("this is another secret"), []byte("id43")) Your DEK and KEK do not need to use the same algorithm and cipher. -The example above can work for most use cases. However, there is no "one fits all" approach to create the right key hierarchy. It is up to you to decide on a hierarchy that suits you best,according to your application needs and constraints. +The example above can work for most use cases. However, there is no "one fits all" approach when creating the right key hierarchy. It is up to you to decide on a hierarchy that suits you best, according to your application needs and constraints. diff --git a/identity-and-access-management/key-manager/concepts.mdx b/identity-and-access-management/key-manager/concepts.mdx index 040c891ca6..ad6215f5d1 100644 --- a/identity-and-access-management/key-manager/concepts.mdx +++ b/identity-and-access-management/key-manager/concepts.mdx 
@@ -43,7 +43,7 @@ A data encryption key is a type of key that can be used outside Key Manager to e Key Manager generates DEKs on-demand. They are then encrypted by a [key encryption key](#key-encryption-key-kek) specified by the user, and forwarded to the recipient. -DEKs are **not stored in or managed by Key Manager**. The user is reponsible for safely storing and managing DEKs. DEKs should have the same lifecycle as the [payload](#payload) they encrypt**. +DEKs are **not stored in or managed by Key Manager**. Users are responsible for safely storing and managing DEKs. DEKs should have the same lifecycle as the [payload](#payload) they encrypt**. ## Decryption @@ -149,4 +149,4 @@ Symmetric encryption is a fundamental type of cryptographic method where the sam Because symmetric encryption relies on a single key, it is generally fast and ideal for encrypting large volumes of data. However, its security depends entirely on keeping the key confidential. -Symmetric encryption algorithms like AES are widely used in scenarios where speed and efficiency are critical. As of now, Key manager only supports the `AES_256_GCM` symmetric encryption algorithm. \ No newline at end of file +Symmetric encryption algorithms like AES are widely used in scenarios where speed and efficiency are critical. As of now, Key Manager only supports the `AES_256_GCM` symmetric encryption algorithm. \ No newline at end of file diff --git a/identity-and-access-management/key-manager/how-to/rotate-km-keys.mdx b/identity-and-access-management/key-manager/how-to/rotate-km-keys.mdx index 400d5e5c23..70990beca3 100644 --- a/identity-and-access-management/key-manager/how-to/rotate-km-keys.mdx +++ b/identity-and-access-management/key-manager/how-to/rotate-km-keys.mdx 
@@ -26,7 +26,7 @@ This reduces the risk of exposure if a key is compromised, thus enhancing the ov ## How to perform key rotation 1. Click Key Manager in the **Security and Identity section** of the [Scaleway console](https://console.scaleway.com) side menu. Your keys display. -2. Click the key to perform the rotation on. Your key's **Overview** tab displays. +2. Click the key you want to rotate. Your key's **Overview** tab displays. 3. Scroll down to the **Key rotation** section, and click **Rotate key**. A tooltip displays to confirm the rotation was performed. Rotating your key creates a new version of it. All cryptographic operations will use the new key rotation. All data encrypted with former key versions will remain decipherable with the former key. diff --git a/identity-and-access-management/key-manager/reference-content/differences-key-and-secret-manager.mdx b/identity-and-access-management/key-manager/reference-content/differences-key-and-secret-manager.mdx index efc30e7934..44529905c8 100644 --- a/identity-and-access-management/key-manager/reference-content/differences-key-and-secret-manager.mdx +++ b/identity-and-access-management/key-manager/reference-content/differences-key-and-secret-manager.mdx @@ -16,7 +16,7 @@ categories: Secret Manager and Key Manager are both security-focused products aiming to help you protect your data and improve the security of your infrastructure. -The difference between th two of them is not always clear, and you may be unsure which one is most appropriate for your use-case. +The difference between the two of them is not always clear, and you may be unsure which one is most appropriate for your use-case. This page helps you answer that question. 
@@ -40,7 +40,7 @@ However, this approach can lead to serious security problems such as: - inadvertently storing your keys in plaintext, or exposing them (e.g. in logs) - incorrect (re-)use of keys: your application would be responsible for using the key correctly, which is harder than it first seems. - - not disposing of the key properly after use (e.g. letting it reside in swap disk) + - not disposing of the key properly after use (e.g. letting it reside in the swap disk) These are typical key management problems that are not effectively solved by Secret Manager, hence the need for Key Manager. @@ -53,7 +53,7 @@ the ciphertext to be decrypted. Your application is no longer responsible for ma Last, but not least, Key Manager provides another way of authorizing certain actions. You might want to authorize some principals only to encrypt data, and others only to decrypt data. -Let us take the example of an application that receives sensitive health data that needs to be encrypted before being inserted into a database.The application would be able to ask Key Manager +Let us take the example of an application that receives sensitive health data that needs to be encrypted before being inserted into a database. The application would be able to ask Key Manager to carry out encryption operations, but not decryption operations, so it cannot read the sensitive data already stored. This would not be possible to achieve with Secret Manager, since both writing and reading applications would need permissions to read the key from Secret Manager, which is sufficient to both encrypt and decrypt the data. diff --git a/identity-and-access-management/key-manager/reference-content/understanding-key-manager.mdx b/identity-and-access-management/key-manager/reference-content/understanding-key-manager.mdx index f2b1d56140..ee656f10d3 100644 --- a/identity-and-access-management/key-manager/reference-content/understanding-key-manager.mdx 
+++ b/identity-and-access-management/key-manager/reference-content/understanding-key-manager.mdx 
@@ -13,27 +13,25 @@ categories: - identity-and-access-management --- -## How does Key Manager work? +## How to use Key Manager? -You will find a diagram in the box below on best practices for how Key Manager works. - -It is recommended to use keys stored in Key Manager as [key encryption keys (KEK)](/identity-and-access-management/key-manager/concepts/#key-encryption-key-kek), which are used to encrypt and decrypt [data encryption keys (DEKs)](/identity-and-access-management/key-manager/concepts/#data-encryption-key-dek) stored on the client side. +We recommend using the keys you store in Key Manager as [key encryption keys (KEK)](/identity-and-access-management/key-manager/concepts/#key-encryption-key-kek), and use them to encrypt and decrypt your [data encryption keys (DEK)](/identity-and-access-management/key-manager/concepts/#data-encryption-key-dek). We do not recommend storing your data encryption keys in Key Manager. ## Why use data encryption keys? -Unlike key encryption keys, which cannot be accessed, you can use data encryption keys (DEK) to encrypt your data. You can also use data encryption keys outside of Scaleway Key Manager. +Unlike key encryption keys (KEK), which cannot be accessed, you can use data encryption keys (DEK) to encrypt your data. You can also use data encryption keys outside of Scaleway Key Manager. The main benefit of using DEKs is that you do not have to re-encrypt your data at each rotation performed in Key Manager. Only the DEK needs to be re-encrypted with a new KEK. By rotating solely the KEK, the security of data-at-rest is reinforced without needing heavy encryption operations. -When Key Manager generates data encryption keys, a [plaintext](/identity-and-access-management/key-manager/concepts/#plaintext) version of your key is retunred for immediate use, and a [ciphertext](/identity-and-access-management/key-manager/concepts/#ciphertext), which is an encrypted copy of the data encryption key, that you can safely store. 
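Review bot: in encrypt-decrypt-data-with-km-dek.mdx, hunk `@@ -23,12 +23,12 @@`, the added prerequisite line keeps the misspelling "Dowloaded"; it should read `- [Downloaded and installed Python](https://www.python.org/downloads/) or [Go](https://go.dev/doc/install)`. The link swap in the same hunk is the right fix: the removed URL pointed at `gitlab.infra.online.net`, an internal host that readers of the public docs cannot reach.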
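Review bot: in encrypt-decrypt-data-with-km-dek.mdx, hunk `@@ -191,7 +190,7 @@`, the reworded warning "We do not recommend that you use OpenSSL in a production environment" still gives no reason, so readers cannot tell whether OpenSSL itself or the walkthrough is the problem. Say what is meant: the manual procedure on this page handles the plaintext DEK outside the process (step 4 of the same page tells the reader to delete it from permanent storage afterwards), which is exactly what the following bullet "never save the plaintext DEK on disk or any permanent storage" forbids.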
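Review bot: in encrypt-decrypt-data-with-km-dek.mdx, hunk `@@ -274,6 +273,4 @@`, step 4 "Delete the plaintext DEK from permanent storage after using it to enhance security" contradicts the page's own rule that the plaintext DEK must never be written to permanent storage; either reword the step as "the plaintext DEK is written to a file only for this demonstration" and mention that plain deletion does not securely erase it, or restructure the walkthrough so the DEK is never written out. The `+` side also still ends with `\ No newline at end of file`; add the trailing newline while touching the line.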
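Review bot: in encrypt-decrypt-keys-with-streaming-aead-tink.mdx, hunk `@@ -57,7 +57,7 @@`, the fence that opens right after "paste the following code into a Go file" is untagged (a bare ``` followed by `package main`); tag it ```go so the Go source is syntax-highlighted and tooling can identify the language.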
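Review bot: in encrypt-decrypt-keys-with-streaming-aead-tink.mdx, hunk `@@ -196,7 +196,7 @@`, the added line is still a comma splice; split it: "... to protect your data encryption key and AEAD stream. You can also protect the data encryption key using another non-remote key." The following bullet "Associated data is authenticated but not encrypted" would be more useful with its consequence spelled out: associated data must not contain anything secret, because it is stored or transmitted in the clear.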
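Review bot: in manage-keys-with-tink.mdx, hunk `@@ -211,7 +211,7 @@`, "Associated Data does not need to be stored, as it can be inferred from the context at decryption time" needs the caveat that the associated data must be reproduced byte-for-byte at decryption, otherwise the AEAD decryption fails. The example above the hunk binds a row identifier ("Insert secret2 into row 43"), so say explicitly that if the context changes (for instance the row is renumbered or migrated) the ciphertext can no longer be opened; that is the intended property, but readers should choose context that is stable for the lifetime of the ciphertext.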
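Review bot: in manage-keys-with-tink.mdx, hunk `@@ -223,7 +223,7 @@`, the paragraph presents the key hierarchy only as a performance and cost optimisation; it should also state the trade-off visible in the next context line ("the application only needs to call Key Manager once to decrypt the DEK Master Key. All subsequent decryption of DEKs happens locally"): the decrypted DEK Master Key lives in application memory for as long as it is cached, every DEK beneath it depends on it, and rotating it means re-wrapping all of those DEKs. Recommend saying how long the master key should be cached and that its compromise exposes every DEK under it.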
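Review bot: in manage-keys-with-tink.mdx, hunk `@@ -258,7 +258,7 @@`, the idiom is "one-size-fits-all", not "one fits all"; suggest `However, there is no one-size-fits-all approach to designing a key hierarchy.`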
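Review bot: in concepts.mdx, hunk `@@ -43,7 +43,7 @@`, the added line still ends with a stray `**` ("they encrypt**.") that has no opening marker and will render as literal asterisks; either drop it or open the bold span at "DEKs should have the same lifecycle", which is the sentence that deserves the emphasis.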
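Review bot: in rotate-km-keys.mdx, hunk `@@ -26,7 +26,7 @@`, the context lines right after the edited step are inconsistent with the hunk's own statement that "Rotating your key creates a new version of it": "All cryptographic operations will use the new key rotation" should read "the new key version", and "will remain decipherable with the former key" should read "with the former key version", since the former version is what decrypts old data after rotation.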
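Review bot: in differences-key-and-secret-manager.mdx, hunk `@@ -16,7 +16,7 @@`, "use-case" as a noun is written "use case" without the hyphen; the line would read "... most appropriate for your use case."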
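Review bot: in differences-key-and-secret-manager.mdx, hunk `@@ -40,7 +40,7 @@`, "letting it reside in the swap disk" is not idiomatic; "letting it reside in swap" or "letting it be written to swap space" is what practitioners say, and the latter makes clearer that the problem is the key being paged out to disk.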
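Review bot: in understanding-key-manager.mdx, hunk `@@ -13,27 +13,25 @@`, the new heading "## How to use Key Manager?" is not a question, so the question mark should go (or keep "How does Key Manager work?" if the section still describes behaviour rather than usage). The removed sentence referred to "a diagram in the box below"; confirm the diagram itself was removed in the same change, otherwise it is now unreferenced. In the added recommendation, "as key encryption keys (KEK), and use them to encrypt" should be "and using them" for parallelism. Finally, "which cannot be accessed" in the KEK sentence is vague; state what is meant, for example that the KEK's key material cannot be exported from Key Manager, if that is the intended guarantee.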
+When Key Manager generates data encryption keys, a [plaintext](/identity-and-access-management/key-manager/concepts/#plaintext) version of your key is returned for immediate use, and a [ciphertext](/identity-and-access-management/key-manager/concepts/#ciphertext), which is an encrypted copy of the data encryption key, that you can safely store. - Never store your data encryption key's plaintext. When you want to decrypt your data, you need to go through Key Manager to decrypt the encrypted DEK. Find out [how to decrypt your data with Tink](/identity-and-access-management/key-manager/api-cli/manage-keys-with-tink/). - - While Scaleway Key Manager is responsible for generating, encrypting, and decrypting data encryption keys, it does not store, manage, or monitor them, nor does it engage in cryptographic operations with these keys. **You must use and manage data encryption keys outside of Scaleway's Key Manager**. + - While Scaleway Key Manager is responsible for **generating, encrypting, and decrypting data encryption keys**, it **does not store, manage, or monitor them**, nor does it engage in cryptographic operations with these keys. **You must use and manage data encryption keys outside of Scaleway's Key Manager**. ## What is the difference between ciphertext and plaintext? @@ -88,7 +86,7 @@ The following parameters, in compliance with the [recommendations of ANSSI](http ### Key derivation algorithm -Key Manager uses HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in [RFC 5869](https://datatracker.ietf.org/doc/html/rfc5869) with [SHA-256](https://www.rfc-editor.org/rfc/rfc4868.html#section-2) as hash function. +Key Manager uses HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in [RFC 5869](https://datatracker.ietf.org/doc/html/rfc5869) with [SHA-256](https://www.rfc-editor.org/rfc/rfc4868.html#section-2) as the hash function. ### Key material