diff --git a/blueprints/secops/bindplane-gke/README.md b/blueprints/secops/bindplane-gke/README.md
index b90ca74bd6..85de48b36d 100644
--- a/blueprints/secops/bindplane-gke/README.md
+++ b/blueprints/secops/bindplane-gke/README.md
@@ -53,6 +53,10 @@ See the example test at the end of this README.md as starting point - just
copy it to `terraform.tfvars` and edit the latter. See the variables
documentation below.
+> **Warning**
+>
+> BindPlane secrets (such as license and admin password) specified as variables within this Terraform configuration will be stored in plain text within the Terraform state file.
+
#### Step 3: Prepare the providers in the root module
Setup terraform providers in the root module to deal with kubernetes resources as follows:
@@ -104,16 +108,16 @@ Access the management console leveraging credentials bootstrapped via terraform
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [bindplane_secrets](variables.tf#L26) | Bindplane secrets. | object({…})
| ✓ | |
-| [network_config](variables.tf#L58) | Shared VPC network configurations to use for GKE cluster. | object({…})
| ✓ | |
-| [prefix](variables.tf#L80) | Prefix used for resource names. | string
| ✓ | |
-| [project_id](variables.tf#L99) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
-| [region](variables.tf#L104) | GCP region. | string
| ✓ | |
+| [bindplane_secrets](variables.tf#L26) | Bindplane secrets. | object({…})
| ✓ | |
+| [network_config](variables.tf#L57) | Shared VPC network configurations to use for GKE cluster. | object({…})
| ✓ | |
+| [prefix](variables.tf#L79) | Prefix used for resource names. | string
| ✓ | |
+| [project_id](variables.tf#L98) | Project id, references existing project if `project_create` is null. | string
| ✓ | |
+| [region](variables.tf#L103) | GCP region. | string
| ✓ | |
| [bindplane_config](variables.tf#L17) | Bindplane config. | object({…})
| | {}
|
-| [cluster_config](variables.tf#L37) | GKE cluster configuration. | object({…})
| | {}
|
-| [dns_config](variables.tf#L48) | DNS config. | object({…})
| | {}
|
-| [postgresql_config](variables.tf#L70) | Cloud SQL postgresql config. | object({…})
| | {}
|
-| [project_create](variables.tf#L90) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
+| [cluster_config](variables.tf#L36) | GKE cluster configuration. | object({…})
| | {}
|
+| [dns_config](variables.tf#L47) | DNS config. | object({…})
| | {}
|
+| [postgresql_config](variables.tf#L69) | Cloud SQL postgresql config. | object({…})
| | {}
|
+| [project_create](variables.tf#L89) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…})
| | null
|
## Outputs