diff --git a/958390ab9c7fdcd8ff24ce2410a8664d442c1e3f b/958390ab9c7fdcd8ff24ce2410a8664d442c1e3f
new file mode 100644
index 0000000..21e0fea
--- /dev/null
+++ b/958390ab9c7fdcd8ff24ce2410a8664d442c1e3f
@@ -0,0 +1,21 @@
+{
+  "comments": [
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "ff5ea6f8_6cb69ee9",
+        "filename": "src/actions.yaml",
+        "patchSetId": 10
+      },
+      "lineNbr": 114,
+      "author": {
+        "id": 935
+      },
+      "writtenOn": "2024-01-10T11:36:38Z",
+      "side": 1,
+      "message": "Needs an update for the wording:\n\nProvide an alternative URL for the Certificate Revocation List (CRL) distribution point that is included in all certificates issued by Vault.  This relies on an external process to synchronise certificates revoked in Vault to this external distribution point and should only be used when the Vault infrastructure is not generally accessible to client endpoints used to access services secured by the Vault Intermediate CA.",
+      "revId": "958390ab9c7fdcd8ff24ce2410a8664d442c1e3f",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/b2d1dddc27f8f71382a2ff68f56470b51dcdf986 b/b2d1dddc27f8f71382a2ff68f56470b51dcdf986
index 8f3e1dc..7b4f202 100644
--- a/b2d1dddc27f8f71382a2ff68f56470b51dcdf986
+++ b/b2d1dddc27f8f71382a2ff68f56470b51dcdf986
@@ -149,6 +149,30 @@
       },
       "revId": "b2d1dddc27f8f71382a2ff68f56470b51dcdf986",
       "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
+    },
+    {
+      "unresolved": true,
+      "key": {
+        "uuid": "fa0f12ef_612c0767",
+        "filename": "src/lib/charm/vault_pki.py",
+        "patchSetId": 2
+      },
+      "lineNbr": 206,
+      "author": {
+        "id": 935
+      },
+      "writtenOn": "2024-01-10T11:36:38Z",
+      "side": 1,
+      "message": "I had a think about the singularity question today - I think this is OK and reflects a potential deployment scenario where the Vault infrastructure is not directly accessible from client endpoints using the services that it has issued certificates for.\n\nHaving a global/enterprise CRL distribution point that is generally accessible makes sense in this case - however there is a manual process needed to sync certificates revoked in vault into whatever is managing this different distribution point.\n\nI\u0027ve suggested an updated to the action parameter description to explain this better.",
+      "parentUuid": "d90ea1e8_e2babb72",
+      "range": {
+        "startLine": 206,
+        "startChar": 41,
+        "endLine": 206,
+        "endChar": 42
+      },
+      "revId": "b2d1dddc27f8f71382a2ff68f56470b51dcdf986",
+      "serverId": "4a232e18-c5a9-48ee-94c0-e04e7cca6543"
     }
   ]
 }
\ No newline at end of file