aws-powertools
diff --git a/‎docs/utilities/data_masking.md‎
Lines changed: 12 additions & 12 deletions b/‎docs/utilities/data_masking.md‎
Lines changed: 12 additions & 12 deletions
@@ -5,7 +5,7 @@ description: Utility
 
 <!-- markdownlint-disable MD051 -->
 
-The data masking utility provides a simple solution to obfuscate (mask or encrypt) incoming data so that sensitive information is not passed downstream or logged.
+The data masking utility provides a simple solution to mask or encrypt incoming data so that sensitive information is not passed downstream or logged.
 
 ```mermaid
 stateDiagram-v2
@@ -39,7 +39,7 @@ stateDiagram-v2
 
 ## Terminology
 
-**Masking** irreversibly replaces sensitive information with a non-sensitive placeholder or mask. For example, display the last four digits of a credit card number as `"**** **** **** 1234"`.
+**Masking** replaces sensitive information **irreversibly** with a non-sensitive placeholder. For example, display the last four digits of a credit card number as `"**** **** **** 1234"`.
 
 **Encrypting** transforms plaintext into ciphertext using an encryption algorithm and a cryptographic key. Encryption can be reversed with the correct decryption key. This allows you to encrypt any PII (personally identifiable information) and make sure only the users with appropirate permissions can decrypt it to view the plaintext.
 
@@ -53,18 +53,18 @@ If not using any encryption services and only masking data, your Lambda function
 
 #### Using AWS Encryption SDK
 
-To use the AWS Encryption SDK, your Lambda function IAM Role must have `kms:Decrypt` and `kms:GenerateDataKey` IAM permissions.
+To use the AWS Encryption SDK, your Lambda function IAM Role must have the `kms:Decrypt` and `kms:GenerateDataKey` IAM permissions.
 
 You must also have an AWS KMS key with full read/write permissions. You can create one and learn more on the [AWS KMS console](https://us-east-1.console.aws.amazon.com/kms/home?region=us-east-1#/kms/home){target="_blank" rel="nofollow"}.
 
 #### Using a custom encryption provider
 
-For any other encryption provider, make sure to have the permissions for your role that it requires.
+If using your own encryption provider, make sure to have the necessary resources and permissions for your Lambda function's role.
 
 ### Working with nested data
 
 #### JSON
-When using the data masking utility with dictionaries or JSON strings, you can provide a list of keys to obfuscate the corresponding values. If no fields are provided, the entire data object will be masked or encrypted. You can obfuscate values of nested keys by using dot notation.
+When using the data masking utility with dictionaries or JSON strings, you can provide a list of keys to obfuscate the corresponding values. If no fields are provided, the entire data object will be masked or encrypted. You can select values of nested keys by using dot notation.
 
 ???+ note
  If you're using our example [AWS Serverless Application Model (SAM) template](#using-a-custom-encryption-provider), you will notice we have configured the Lambda function to use a memory size of 1024 MB. We compared the performances of Lambda functions of several different memory sizes and concluding 1024 MB was the most optimal size for this feature. For more information, you can see the full reports of our [load tests](https://github.com/aws-powertools/powertools-lambda-python/pull/2197#issuecomment-1730571597) and [traces](https://github.com/aws-powertools/powertools-lambda-python/pull/2197#issuecomment-1732060923).
@@ -142,11 +142,11 @@ You have the option to modify some of the configurations we have set as defaults
 
 The `CACHE_CAPACITY` value is currently set to `100`. This value represents the maximum number of entries that can be retained in the local cryptographic materials cache. Please see the [AWS Encryption SDK documentation](https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.caches.local.html){target="_blank" rel="nofollow"} for more information.
 
-The `MAX_CACHE_AGE_SECONDS` value is currently set to `300`. It represents the maximum time (in seconds) that a cache entry may be kept in the cache. Please see the [AWS Encryption SDK documentation](https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#module-aws_encryption_sdk.materials_managers.caching){target="_blank" rel="nofollow"} for more information about this.
+The `MAX_CACHE_AGE_SECONDS` value is currently set to `300`. This represents the maximum time (in seconds) that a cache entry may be kept in the cache. Please see the [AWS Encryption SDK documentation](https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#module-aws_encryption_sdk.materials_managers.caching){target="_blank" rel="nofollow"} for more information about this.
 
 #### Limit messages
 
-The `MAX_MESSAGES_ENCRYPTED` value is currently set to `200`. It represents the maximum number of messages that may be encrypted under a cache entry. Please see the [AWS Encryption SDK documentation](https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#module-aws_encryption_sdk.materials_managers.caching){target="_blank" rel="nofollow"} for more information about this.
+The `MAX_MESSAGES_ENCRYPTED` value is currently set to `200`. This represents the maximum number of messages that may be encrypted under a cache entry. Please see the [AWS Encryption SDK documentation](https://aws-encryption-sdk-python.readthedocs.io/en/latest/generated/aws_encryption_sdk.materials_managers.caching.html#module-aws_encryption_sdk.materials_managers.caching){target="_blank" rel="nofollow"} for more information about this.
 
 ### Create your own encryption provider
 
@@ -188,16 +188,16 @@ Here is an example of implementing a custom encryption using an external encrypt
  --8<-- "examples/data_masking/src/generic_data_input.json"
  ```
 
+=== "custom_provider.py"
+ ```python hl_lines="1 3 6 8"
+ --8<-- "examples/data_masking/src/custom_data_masking_provider.py"
+ ```
+
 === "working_with_own_provider.py"
  ```python hl_lines="1-2 9-10"
  --8<-- "examples/data_masking/src/working_with_own_provider.py"
  ```
 
-=== "custom_provider.py"
- ```python hl_lines="1 3 8"
- --8<-- "examples/data_masking/src/custom_data_masking_provider.py"
- ```
-
 === "encrypted_output.json"
  ```json hl_lines="5-7 12"
  --8<-- "examples/data_masking/src/encrypt_data_output.json"