diff --git a/confidential-datahub/docs/SEALED_SECRET.md b/confidential-datahub/docs/SEALED_SECRET.md index e4e38c6be..15ca023a4 100644 --- a/confidential-datahub/docs/SEALED_SECRET.md +++ b/confidential-datahub/docs/SEALED_SECRET.md @@ -26,6 +26,7 @@ Secrets. This kind of secret uses envelope encryption scheme. A wrapping key is used to encrypt the plaintext secret value. A sealing key insde a KMS is used to seal the wrapping key. That is + $``` Sealed Secret := \{Enc_{kms key}(Wrapping Key), Enc_{Wrapping Key}(secret value)\} ```$ @@ -54,7 +55,7 @@ Here, - `provider`: indicates the provider of the __kms key__. This field determines how to use the `annotations` field and `key_id` field to decrypt the `encrypted_key` - `key_id`: To uniquely distinguish the __kms key__ used to encrypt the __wrapping key__, -which is always used by the provider plugin. +which is always used by the provider d'r'i'v'e'r. - `encrypted_key`: Encrypted __wrapping key__ by the `provider`. Base64 encoded. - `encrypted_data`: Encrypted __secret value__ by the `encrypted_key`. Base64 encoded. - `wrap_type`: The algorithm used by __wrapping key__ to encrypt the __secret value__. @@ -86,7 +87,7 @@ Here, - `type`: MUST be `vault`, indicating this is a Vault type Sealed Secret. - `provider`: indicates the provider of the __secret value__. This field determines how to use the `annotations` field and `name` field to get the plaintext of __secret value__. -- `name`: To uniquely distinguish the __secret value__, which is always used by the provider plugin. +- `name`: To uniquely distinguish the __secret value__, which is always used by the provider driver. - `annotations`: A key-value Map. Vault specific information used by the provider driver to get the plaintext of the __secret value__.
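Review bot: the first hunk (`@@ -26,6 +26,7 @@`) only adds a blank line ahead of the `$``` Sealed Secret := ... ```$` block, but the context it touches still carries two defects worth fixing in the same commit: the typo "insde" in "A sealing key insde a KMS" should read "inside", and the subscript `Enc_{kms key}` will render without the space (math mode drops it), so write it as `Enc_{\text{kms key}}(Wrapping Key)` or use a single token such as `Enc_{KmsKey}`, matching the `Enc_{Wrapping Key}` term beside it.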
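Review bot: the second hunk (`@@ -54,7 +55,7 @@`) replaces "provider plugin" with "provider d'r'i'v'e'r", which has stray single quotes between every letter; the added line should be `which is always used by the provider driver.` so it matches the wording introduced for the `name` field in the Vault section of the same patch.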