diff --git a/docs/modules/secret-operator/pages/secretclass.adoc b/docs/modules/secret-operator/pages/secretclass.adoc index 172d4841..4c257c22 100644 --- a/docs/modules/secret-operator/pages/secretclass.adoc +++ b/docs/modules/secret-operator/pages/secretclass.adoc @@ -114,8 +114,11 @@ spec: rsa: length: 4096 additionalTrustRoots: + - configMap: + name: trust-roots-configmap + namespace: default - secret: - name: trust-roots + name: trust-roots-secret namespace: default maxCertificateLifetime: 15d # optional ---- 
@@ -129,12 +132,17 @@ spec: `autoTls.ca.keyGeneration`:: Configures how keys should be generated. `autoTls.ca.keyGeneration.rsa`:: Declares that keys should be generated using the RSA algorithm. `autoTls.ca.keyGeneration.rsa.length`:: The amount of bits used for generating the RSA key pair. Currently, `2048`, `3072` and `4096` are supported. Defaults to `2048` bits. -`additionalTrustRoots`:: Configures additional trust roots which are added to the CA files or truststores in the provisioned volume mounts. -`additionalTrustRoots.secret`:: - Reference (`name` and `namespace`) to a K8s `Secret` object where the trusted certificates are stored. +`autoTls.additionalTrustRoots`:: Configures additional trust roots which are added to the CA files or truststores in the provisioned volume mounts. +`autoTls.additionalTrustRoots.configMap`:: + Reference (`name` and `namespace`) to a K8s `ConfigMap` object where trusted certificates are stored. + The extension of a key defines its content: + * `.crt` denotes a stack of PEM (base64-encoded DER) certificates. + * `.der` denotes a binary DER certificate. +`autoTls.additionalTrustRoots.secret`:: + Reference (`name` and `namespace`) to a K8s `Secret` object where trusted certificates are stored. The extension of a key defines its content: * `.crt` denotes a stack of PEM (base64-encoded DER) certificates. - * `.der` denotes a a binary DER certificates. + * `.der` denotes a binary DER certificate. `autoTls.maxCertificateLifetime`:: Maximum lifetime the created certificates are allowed to have. In case consumers request a longer lifetime than allowed by this setting, the lifetime will be the minimum of both. [#backend-certmanager]
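Review bot: In the YAML example (hunk `-114,8 +114,11`), the new `configMap` entry and the renamed `secret` entry under `additionalTrustRoots` both point into `namespace: default`, and nothing says who should be allowed to write to those objects. The field description in this same patch states that their contents are added to the CA files or truststores in the provisioned volume mounts, so write access to either object amounts to the ability to add a trusted CA for every consumer of this SecretClass. Consider a short comment in the example, or a sentence below it, recommending that the referenced `ConfigMap` and `Secret` live in a namespace with restricted write permissions. It would also help to state that entries from several list items are combined, since the example now shows two sources side by side.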
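Review bot: In the field reference (hunk `-129,12 +132,17`), the new `autoTls.additionalTrustRoots.configMap` entry lists `.der` as "a binary DER certificate" without saying where that key must be stored. A Kubernetes `ConfigMap` only accepts UTF-8 strings under `data`, and binary values have to go under `binaryData`, so the text should state which of the two fields are read for `.crt` and `.der` keys. The same entry, and the `secret` one, also leave open what happens to keys with any other extension (ignored or rejected); one sentence covering that would prevent a silently missing trust root. As a style point, the extension list is now repeated verbatim for `configMap` and `secret`; stating it once under `autoTls.additionalTrustRoots` would keep the two from drifting apart.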