diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 08a2a1de2378b0949ca9edf931aee486b7d96541..dc1fe4f623201da13608284c6198bab6b88e735f 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
@@ -23,8 +23,9 @@ core_vault_proxy_site_crt: |+
 core_vault_sunbird_api_auth_token: # Take the jwt token of api-admin consumer from Jenkins job console output after running OnboardConsumers - Use the same value in DP secrets.yml also for the variable sunbird_api_auth_token
 
 core_vault_sunbird_sso_publickey: # Public key of keycloak sunbird realm, update this post keycloak deployment.  See below for steps
-# SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 ops@~Keycloak-VM-IP
-# If you cannot tunnel directly to keycloak VM, then tunnel to Jenkins first and then tunnel to keycloak from jenkins
+# SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 deployer@Keycloak-VM-IP
+# If you cannot tunnel directly to Keycloak VM, then tunnel to Jenkins first and then tunnel to Keycloak VM from jenkins
+# Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/clients -> lms -> service account roles -> Click on client roles drop down -> Select realm-management -> Select manage-users in Available Roles -> Click on Add selected
 # Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/keys
 # Click on Public Key and update the variable