diff --git a/FULL_HELP_DOCS.md b/FULL_HELP_DOCS.md
index 74b648643..16ed660f9 100644
--- a/FULL_HELP_DOCS.md
+++ b/FULL_HELP_DOCS.md
@@ -959,8 +959,8 @@ Add a new identity (keypair, ledger, OS specific secure store)
 
 * `--secret-key` — Add using `secret_key` Can provide with `SOROBAN_SECRET_KEY`
 * `--seed-phrase` — Add using 12 word seed phrase to generate `secret_key`
-* `--secure-store` — Add using secure store entry
-* `--entry-name <ENTRY_NAME>` — Name of the secure store entry
+* `--secure-store` — Add using a key saved in a secure store entry. Requires the entry name to be provided with `--entry_name`
+* `--entry-name <ENTRY_NAME>` — Name of the secure store entry, to be used with `--secure_store`
 * `--global` — Use global config
 * `--config-dir <CONFIG_DIR>` — Location of config directory, default is "."
 
@@ -1008,7 +1008,9 @@ Fund an identity on a test network
 
 ## `stellar keys generate`
 
-Generate a new identity with a seed phrase, currently 12 words
+Generate a new identity with a seed phrase, currently 12 words.
+
+The identity's secret can be stored in a config file (default), in an OS-specific secure store, or be printed out to the console.
 
 **Usage:** `stellar keys generate [OPTIONS] <NAME>`
 
@@ -2016,7 +2018,7 @@ Sign a transaction envelope appending the signature to the envelope
 
 ###### **Options:**
 
-* `--sign-with-key <SIGN_WITH_KEY>` — Sign with a local key. Can be an identity (--sign-with-key alice), a secret key (--sign-with-key SC36…), or a seed phrase (--sign-with-key "kite urban…"). If using seed phrase, `--hd-path` defaults to the `0` path
+* `--sign-with-key <SIGN_WITH_KEY>` — Sign with a local key or a key saved in OS's secure storage. Can be an identity (--sign-with-key alice), a secret key (--sign-with-key SC36…), or a seed phrase (--sign-with-key "kite urban…"). If using seed phrase, `--hd-path` defaults to the `0` path
 * `--hd-path <HD_PATH>` — If using a seed phrase to sign, sets which hierarchical deterministic path to use, e.g. `m/44'/148'/{hd_path}`. Example: `--hd-path 1`. Default: `0`
 * `--sign-with-lab` — Sign with https://lab.stellar.org
 * `--rpc-url <RPC_URL>` — RPC server endpoint
diff --git a/cmd/soroban-cli/src/commands/keys/mod.rs b/cmd/soroban-cli/src/commands/keys/mod.rs
index 4d44c081f..ab0884a1b 100644
--- a/cmd/soroban-cli/src/commands/keys/mod.rs
+++ b/cmd/soroban-cli/src/commands/keys/mod.rs
@@ -21,7 +21,9 @@ pub enum Cmd {
     /// Fund an identity on a test network
     Fund(fund::Cmd),
 
-    /// Generate a new identity with a seed phrase, currently 12 words
+    /// Generate a new identity with a seed phrase, currently 12 words.
+    ///
+    /// The identity's secret can be stored in a config file (default), in an OS-specific secure store, or be printed out to the console.
     Generate(generate::Cmd),
 
     /// List identities
diff --git a/cmd/soroban-cli/src/config/secret.rs b/cmd/soroban-cli/src/config/secret.rs
index 8f0ee8673..1e89097ad 100644
--- a/cmd/soroban-cli/src/config/secret.rs
+++ b/cmd/soroban-cli/src/config/secret.rs
@@ -45,7 +45,7 @@ pub struct Args {
     #[arg(long, conflicts_with = "secret_key", conflicts_with = "secure_store")]
     pub seed_phrase: bool,
 
-    /// Add using secure store entry
+    /// Add using a key saved in a secure store entry. Requires the entry name to be provided with `--entry_name`
     #[arg(
         long,
         requires = "entry_name",
@@ -54,7 +54,7 @@ pub struct Args {
     )]
     pub secure_store: bool,
 
-    /// Name of the secure store entry
+    /// Name of the secure store entry, to be used with `--secure_store`
     #[arg(long, requires = "secure_store")]
     pub entry_name: Option<String>,
 }
diff --git a/cmd/soroban-cli/src/config/sign_with.rs b/cmd/soroban-cli/src/config/sign_with.rs
index 475013bc8..40512fc48 100644
--- a/cmd/soroban-cli/src/config/sign_with.rs
+++ b/cmd/soroban-cli/src/config/sign_with.rs
@@ -34,7 +34,7 @@ pub enum Error {
 #[derive(Debug, clap::Args, Clone, Default)]
 #[group(skip)]
 pub struct Args {
-    /// Sign with a local key. Can be an identity (--sign-with-key alice), a secret key (--sign-with-key SC36…), or a seed phrase (--sign-with-key "kite urban…"). If using seed phrase, `--hd-path` defaults to the `0` path.
+    /// Sign with a local key or a key saved in OS's secure storage. Can be an identity (--sign-with-key alice), a secret key (--sign-with-key SC36…), or a seed phrase (--sign-with-key "kite urban…"). If using seed phrase, `--hd-path` defaults to the `0` path.
     #[arg(long, env = "STELLAR_SIGN_WITH_KEY")]
     pub sign_with_key: Option<String>,