diff --git a/docs/velos_f5os_configuration_backup_and_restore.rst b/docs/velos_f5os_configuration_backup_and_restore.rst index 05949bc..b2b4491 100644 --- a/docs/velos_f5os_configuration_backup_and_restore.rst +++ b/docs/velos_f5os_configuration_backup_and_restore.rst 
@@ -21,20 +21,73 @@ At the chassis partition level, the F5OS configuration contains data that includ • Portgroups of the assigned slots/nodes/blades • Virtual Local Area Networks (VLANs) +• Interfaces/LAGs • Logging setup • Authentication servers • Product license • HA setup +• Tenant configuration + +Note: The tenant configuration contains tenant name, type, image, management IP address, gateway, VLANs, assigned vCPUs, memory, storage size, and so on. It does not include the BIG-IP configuration within the tenant. To create a backup copy of the BIG-IP configuration of the tenant, you must perform the backup in the tenant itself. For information, refer to: + +`K13132: Backing up and restoring BIG-IP configuration files with a UCS archive _` To perform a complete backup of the VELOS system, you must: -• Back up the configuration data at the system controller and at each chassis partition. -• Back up any deployed tenants using the tenants’ backup mechanism (i.e. a UCS). +• Back up the F5OS configuration data at the system controller layer +• Back up the F5OS configuration data at each chassis partition +• Back up any deployed tenants using the tenant's backup mechanism (i.e. a UCS). More detail is covered in the following solution article: `K50135154: Back up and restore the F5OS-C configuration on a VELOS system `_ +Setting the Primary Key on F5OS +=============================== + +The F5 VELOS system uses a primary key to encrypt highly sensitive passwords/passphrases in the configuration database, such as: + +• Tenant unit keys used for TMOS Secure Vault +• The F5OS API Service Gateway TLS key +• Stored iHealth credentials +• Stored AAA server credentials + +The primary key is randomly generated by F5OS during initial installation. You should set the primary key to a known value prior to performing a configuration backup. If you restore a configuration backup on a different VELOS device, e.g. 
during an RMA replacement, you must first set the primary key passphrase and salt on the destination device to the same value as the source device. If this is not done correctly, the F5OS configuration restoration may appear to succeed but produce failures later when the system attempts to decrypt and use the secured parameters. + +You should periodically change the primary key for additional security. If doing so, please note that a configuration backup is tied to the primary key at the time it was generated. If you change the primary key, you cannot restore older configuration backups without first setting the primary key to the previous value, if it is known. More details are provided in the solution article below. + + +.. code-block:: bash + + syscon-1-active(config)# system aaa primary-key set passphrase + Value for 'passphrase' (): ************** + Value for 'confirm-passphrase' (): ************** + Value for 'salt' (): ************** + Value for 'confirm-salt' (): ************** + response Info: Key migration is initiated. Use 'show system aaa primary-key state status' to get status + + syscon-1-active(config)# + +You can view the status of the primary-key being set with the **show system aaa primary-key state status** CLI command. + +.. code-block:: bash + + syscon-1-active# show system aaa primary-key state status + system aaa primary-key state status "IN_PROGRESS Initiated: Tue Apr 9 19:46:14 2024" + + syscon-1-active# show system aaa primary-key state status + system aaa primary-key state status "COMPLETE Initiated: Tue Apr 9 19:46:14 2024" + syscon-1-active# + +Note that the hash key can be used to check and compare the status of the primary-key on both the source and the replacement devices if restoring to a different device. To view the current primary-key hash, issue the following CLI command. + +.. 
code-block:: bash + + syscon-1-active# show system aaa primary-key state + system aaa primary-key state hash aNSWX6Xl8+dFx94JMRbySD/d/AJ8RarqJ+fedD#57bDxRF0cTgGFcZvMY415eDeAJjZlXp1qGuKI7CDmxNrnhw== + system aaa primary-key state status "COMPLETE Initiated: Tue Apr 9 19:46:14 2024" + syscon-1-active# + Backing Up the System Controller Database ========================================= @@ -1599,6 +1652,11 @@ You can use the **System Settings -> File Utilities** page to import archives fr Restoring Chassis Partitions from Database Backups ================================================== +Once the archived chassis partition configs have been copied into the partition, you can then restore them using the procedures in this section. + +Restoring Chassis Partitions from Database Backups via CLI +---------------------------------------------------------- + To restore a configuration database backup within a chassis partition, use the **system database config-restore** command inside the chassis partition. Note that a newly restored chassis partition will not have any tenant images loaded so tenants will show a **Pending** status until the proper image is loaded for that tenant. .. code-block:: bash diff --git a/docs/velos_security.rst b/docs/velos_security.rst index 1f8511e..2e3c56a 100644 --- a/docs/velos_security.rst +++ b/docs/velos_security.rst 
@@ -194,14 +194,31 @@ To set the primary-key issue the following command in config mode. .. code-block:: bash - system aaa primary-key set passphrase confirm-passphrase salt confirm-salt + syscon-1-active(config)# system aaa primary-key set passphrase + Value for 'passphrase' (): ************** + Value for 'confirm-passphrase' (): ************** + Value for 'salt' (): ************** + Value for 'confirm-salt' (): ************** + response Info: Key migration is initiated. Use 'show system aaa primary-key state status' to get status + + syscon-1-active(config)# + +You can view the status of the primary-key being set with the **show system aaa primary-key state status** CLI command. + +.. code-block:: bash + + syscon-1-active# show system aaa primary-key state status + system aaa primary-key state status "IN_PROGRESS Initiated: Tue Apr 9 19:46:14 2024" + syscon-1-active# show system aaa primary-key state status + system aaa primary-key state status "COMPLETE Initiated: Tue Apr 9 19:46:14 2024" + syscon-1-active# Note that the hash key can be used to check and compare the status of the primary-key on both the source and the replacement devices if restoring to a different device. To view the current primary-key hash, issue the following CLI command. .. code-block:: bash syscon-2-active# show system aaa primary-key - system aaa primary-key state hash sj2GslitH9XYbmW/cpY0TJhMWkU+CpvAU9vqoiL4aZcfE6qnSUDU3PWx+lCZO5KrqVzlWu/3mRugCNniNyQhSA== + system aaa primary-key state hash sj2GslitH9XY14h/cpY0TJhMWkU+CpvAU9vxxiL4aZcfE6qnSUDU3PWx+lCZO5KrqVzlWu/3mRugCNniNyQhSA== system aaa primary-key state status NONE syscon-2-active#
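Review bot: In the `@@ -21,20 +21,73 @@` hunk of velos_f5os_configuration_backup_and_restore.rst, the new K13132 reference is written as `` `K13132: ... with a UCS archive _` `` (space, underscore, then backtick), which is not valid reST hyperlink syntax; it should use the same `` `text <url>`_ `` form as the K50135154 reference immediately below it, with the URL included. The primary-key paragraph also ends with "More details are provided in the solution article below", but no article reference follows before the code block, so either add the link or drop the sentence. Because the text itself states that an older backup cannot be restored "without first setting the primary key to the previous value, if it is known", a sentence telling the operator to record the passphrase and salt in a secure store separate from the device, and to update that record each time the key is rotated, would make the backup procedure complete. Finally, the sample hash `aNSWX6Xl8+dFx94JMRbySD/d/AJ8RarqJ+fedD#57bDxRF0...` contains a `#`, which is not a base64 character; if the value was hand-edited to avoid publishing a real hash, use an obviously fake placeholder instead.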
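Review bot: In the `@@ -1599,6 +1652,11 @@` hunk, the new "via CLI" subsection under "Restoring Chassis Partitions from Database Backups" does not mention the primary-key prerequisite added earlier in the same file: when restoring to a different device, the primary key passphrase and salt must be set to the source values first, otherwise the restore can appear to succeed and fail later at decryption. One sentence before the `system database config-restore` step, such as "If restoring to a replacement device, first set the primary key as described in Setting the Primary Key on F5OS and confirm the hash matches on both devices", would close that gap. Also, adding a "via CLI" level-3 heading implies sibling "via webUI" or "via API" subsections; confirm they exist below this hunk so the new subsection does not stand alone.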
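Review bot: In the velos_security.rst `@@ -194,14 +194,31 @@` hunk, the sample hash is changed from `sj2GslitH9XYbmW/...vqoiL4...` to `sj2GslitH9XY14h/...vxxiL4...`, that is, a few characters edited inside a value that otherwise looks real. If the intent is to avoid publishing a device's actual primary-key hash, replace the whole value with an obvious placeholder such as `<hash>`; a near-real value is hard to recognise as redacted and invites readers to compare against it. The hunk also shows status `COMPLETE` in the new status-check block and status `NONE` in the existing hash block below it without saying why they differ; a short sentence on how to read each status value when comparing source and replacement devices would help. Two smaller consistency points: this file uses `show system aaa primary-key` while the backup document in the same commit uses `show system aaa primary-key state` for the same output, so pick one form, and the two consecutive `show system aaa primary-key state status` invocations here lack the blank line that separates them in velos_f5os_configuration_backup_and_restore.rst.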