docs: Clarify namespace from which keyvault credential secret is fetc…

content/docs/2.7/concepts/authentication.md

@@ -234,7 +234,7 @@ The `secrets` list defines the mapping between the key vault secret and the auth
 You can use pod identity providers `azure` or `azure-workload` to authenticate to the key vault by specifying it in the
 `TriggerAuthentication` / `ClusterTriggerAuthentication` definition.
 
-If you do not wish to use a pod identity provider, you need to register an [application](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) with Azure Active Directory and specify its credentials. The `clientId` and `tenantId` for the application are to be provided as part of the spec. The `clientSecret` for the application is expected to be within a secret on the cluster.
+If you do not wish to use a pod identity provider, you need to register an [application](https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals) with Azure Active Directory and specify its credentials. The `clientId` and `tenantId` for the application are to be provided as part of the spec. The `clientSecret` for the application is expected to be within a kubernetes secret in the same namespace as the authentication resource.
 
 Ensure that "read secret" permissions have been granted to the managed identity / Azure AD application on the Azure Key Vault. Learn more in the Azure Key Vault [documentation](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal).