Cailey artifactory updates #190

Open · wants to merge 5 commits into base: main
Expand Up @@ -34,21 +34,19 @@ To test your account and start to pull locally, do the following:
1. On the command line, log in to the registry. Type the following:

```bash
docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca/<REPO_NAME>
docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca
```

For example, the DockerHub caching repository looks like this:
2. Pull from the registry on your local machine. Do this for local development and to test your account credentials. Type the following:

```bash
docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca/docker-remote
docker pull artifacts.developer.gov.bc.ca/<REPO_NAME>/<IMAGE>:<TAG>
```

2. Pull from the registry on your local machine. Do this for local development and to test your account credentials. Type the following:
**Note**: The `REPO_NAME` is unique to each docker repository and must be a part of the URL to pull or push from docker registries hosted in Artifactory. For example, if you were to pull an image from the DockerHub registry through Artifactory, the command would look like this:

```bash
docker pull artifacts.developer.gov.bc.ca/<REPO_NAME>/<IMAGE>:<TAG>
docker pull artifacts.developer.gov.bc.ca/docker-remote/<IMAGE>:<TAG>
```
**Note**: The `REPO_NAME` is unique to each docker repository and must be a part of the URL to pull or push from docker registries hosted in Artifactory.

### Pull from Artifactory in OpenShift

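Review bot: the added login line `docker login -u <USER_NAME> -p <USER_PASSWORD> artifacts.developer.gov.bc.ca` still puts the password on the command line, where it is recorded in shell history and readable in process listings by anyone on the machine; since this hunk already rewrites the login step, prefer `echo "$USER_PASSWORD" | docker login -u <USER_NAME> --password-stdin artifacts.developer.gov.bc.ca` (Docker prints a warning about `-p` for exactly this reason). Dropping `/<REPO_NAME>` from the login command while keeping it in the pull command is the right split and now matches the note; the note could add one clause saying that the login is to the registry host while `REPO_NAME` is only part of the pull/push path, so readers see why the two URLs differ.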
Expand Up @@ -79,7 +79,9 @@ Once you have your Artifactory project you can add repositories and users, adjus

**Note**: To use an existing Artifactory service account with your new Artifactory project, you must add that service account to the project. If you created the `ArtifactoryProject` object in the same OpenShift namespace as an existing `ArtifactoryServiceAccount` object, the related service account isn't automatically given access to the project.

To use these features, enter the project in the Artifactory UI. Log in and expand **All**. Choose your new project to go to that project space. If you don't see your new project, it may be because of one of the following:
To use these features, go to `artifacts.developer.gov.bc.ca` and login using your IDIR or GitHub account. Select your project name from the dropdown found at the top of the page.

If you don't see your new project, it may be because of one of the following:
* You may not be an administrator in the applicable OpenShift namespace. Ask one of the administrators to add you to the project.
* You may not have logged in to Artifactory before creating the project. Contact the Platform Services team to fix the issue. You can reach out in the `#devops-artifactory` or `#devops-how-to` channels in Rocket.Chat.

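Review bot: `login` in the new line `go to artifacts.developer.gov.bc.ca and login using your IDIR or GitHub account` is the noun; the instruction verb is `log in`. Consider also writing the address as `https://artifacts.developer.gov.bc.ca` so it renders as a link and the scheme is explicit.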
Expand All @@ -92,12 +94,12 @@ Once you've gotten your project, make sure to add your own service account to th
To add a new user account to your project, do the following:
1. Click the gear at the top of the menu on the left, then choose **Identity and Access Members**. Click **Add Member**.
2. On the **Users** tab, search for a username.
3. Add a user with their IDIR or GitHub ID. The user has to have already signed into Artifactory's GUI at least once. If the user hasn't done so yet, tell them to.
3. Add a user with their IDIR or GitHub ID, or a service account with the name found in the generated secret (see our [Service Account documentation](/setup-artifactory-service-account/) for details). The user has to have already signed into Artifactory's GUI at least once. If the user hasn't done so yet, tell them to.

You can also add any Artifactory service account and select multiple users to add them all at once. Then, specify the role you want to grant them.
You can also select multiple users to add them all at once. Then, specify the role you want to grant them.
* **Contributor**: Service accounts are commonly given this role.
* **Developer**: Assign this role if you want a service account to manage artifacts.
* **Administrator**: Assign this role if you want a service account to manage access to the project.
* **Developer**: Assign this role if you want a user or service account to manage artifacts.
* **Administrator**: Assign this role if you want a user to manage access to the project. This role is not recommended for service accounts.

You can also add additional roles to the project, if you want more finely-tuned control over who gets access to what.

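Review bot: the added step 3 now covers service accounts, but the sentences that follow it still read `The user has to have already signed into Artifactory's GUI at least once. If the user hasn't done so yet, tell them to.`, which cannot apply to a service account created from a generated secret; say whether the prior-sign-in requirement applies to service accounts at all and, if it does, what counts as a sign-in for one. The Administrator line's `This role is not recommended for service accounts` is the right least-privilege call; a short reason (a leaked service-account credential would otherwise grant control over project membership, not just artifacts) would help readers resist the shortcut.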
Expand Up @@ -43,12 +43,14 @@ When referring to service accounts, keep in mind the following differences:
* `ArtifactoryServiceAccount` refers to an OpenShift object with type `ArtifactoryServiceAccount`. This is a custom resource that the Platform Services team created in OpenShift.
* Artifactory "service account" refers to the actual account that exists inside the Artifactory software, which you can then use to interact with Artifactory's features. While closely related to each other, they're not the same.

If you have a project set somewhere in the OpenShift 4 clusters, you already have a service account.
If you have a project set somewhere in the Silver or Emerald clusters, you already have a service account.

An `ArtifactoryServiceAccount` object is created in the appropriate `tools` namespace, which the Artifactory Operator then actions. One such `ArtifactoryServiceAccount` object is created automatically as part of namespace provisioning and has the name `default`.

There's a random license plate assigned to the end of each object name, in order to ensure uniqueness. Collect this information by running `oc describe artsvcacct default`. This also provides some information about reconciliation status, as well as other details about the account. If you need support with the Artifactory service account object, include the spec and status information in your ticket.

If you are working in Gold/Gold-DR, please follow the instructions below in order to set up a new Artifactory Service Account. The `default` account is not generated automatically in Gold.

**Note**: `ArtifactoryServiceAccount` objects have two available short-names to make them easier to use in the CLI: `ArtSvcAcct` and `ArtSA`.

You can get the username and password out of the secret using the following command:
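Review bot: the new sentence `If you are working in Gold/Gold-DR, please follow the instructions below ... The default account is not generated automatically in Gold.` contradicts the unchanged line two paragraphs up, `One such ArtifactoryServiceAccount object is created automatically as part of namespace provisioning and has the name default`, which is still stated without qualification. Qualify that line (for example `In Silver and Emerald, one such ... is created automatically`) so the two statements agree, and use one spelling for the cluster pair (`Gold/Gold-DR` here, `Gold` in the later hunks).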
Expand All @@ -61,9 +63,12 @@ Users with edit and administrator access on the `tools` namespace can also creat

If either of the secrets is deleted manually, the operator can act to change the password of the service account. Then it recreates one or both secrets with the new password. This is an easy method for teams to change their service account passwords.

## Create multiple service accounts
## Create a new service account

You're able to make as many Artifactory service accounts as you need, in as many namespaces as required. Be aware that Archeobot needs to be able to keep up with the amount you're making.

If you are working in Gold, you will need to create your own service account by following this process at least once.

Run the following command to create a new service account:

`oc process -f https://raw.githubusercontent.com/bcgov/platform-services-archeobot/master/archeobot/config/samples/tmpl-artifactoryserviceaccount.yaml -p NAME="[ASAname]" -p DESCRIPTOR="[Description of Service Account]" | oc create -f -`
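Review bot: renaming the heading from `## Create multiple service accounts` to `## Create a new service account` changes its generated anchor, so any existing link to `#create-multiple-service-accounts` will silently land at the top of the page; search the docs for the old anchor and update it or add a redirect. The added sentence `If you are working in Gold, you will need to create your own service account by following this process at least once.` restates the Gold note added in the previous hunk; a single cross-reference would avoid the two drifting apart.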
Expand All @@ -72,6 +77,8 @@ The `ASAname` is the name of the ArtifactoryServiceAccount object. It's not the

For example, if you make an account specifically for use in your Jenkins pipeline, you might want to use the name `jenkins` for the Artifactory Service Account object. This results in a secret called `artifacts-jenkins-[random]` and an account name called `jenkins-[namespace]-[random]`. Don't worry about name collisions with other teams, your account name has your namespace plate in it (the six alphanumeric characters that go before the `-tools`, `-dev`, `-test` or `-prod` in the namespace name), so even if there's another team who called their ArtifactoryServiceAccount `jenkins`, they have a different name.

**Note**: For those working in Gold, please note that you will need to create this `ArtifactoryServiceAccount` object in the Gold cluster. Then, you will need to manually copy the generated secrets into your matching namespace in Gold-DR. This is to prevent edit conflicts between Gold and Gold-DR.

## Delete a service account
You can delete a service account by deleting the ArtifactoryServiceAccount object through the OpenShift CLI. Use the following command:
`oc delete ArtifactoryServiceAccount [ASAname]` or `oc delete artsvcacct [ASAname]`.
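Review bot: the added note says to `manually copy the generated secrets into your matching namespace in Gold-DR` but gives neither the command nor the maintenance consequence. Earlier in this file the documented way to rotate a service-account password is to delete a secret so the operator regenerates it; after such a rotation in Gold the hand-copied secret in Gold-DR is stale and whatever uses it there stops authenticating, so state that the copy must be redone after every rotation, and show the copy itself (for example `oc get secret artifacts-<name>-<random> -o yaml` in Gold, with the `namespace`, `uid` and `resourceVersion` metadata removed, piped to `oc apply -f -` against the Gold-DR namespace).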