DOCS-829: clarify migration sync and AD certificate discovery coverage

docs/Akeyless Gateway/configure-gateway/gateway-automatic-migration.md

@@ -65,6 +65,26 @@ If the flag is omitted on `gateway-create-migration`, the mode defaults to `full
 
 Set the mode with the `--hashi-metadata-mode` flag on `gateway-create-migration` or `gateway-update-migration`. For full flag reference, see the [Automatic Migration CLI Reference](https://docs.akeyless.io/docs/cli-reference-automatic-migration).
 
+## Automatic Migration Synchronization
+
+Use migration synchronization when you want a migration (including HashiCorp Vault migrations) to continue reflecting source-side changes after the initial import.
+
+Enable or disable synchronization with:
+
+```shell
+akeyless gateway-sync-migration \
+--name <Migration Name> \
+--gateway-url <API Gateway URL>:8000 \
+--sync <true/false>
+```
+
+Where:
+
+* `--sync true`: Starts synchronization.
+* `--sync false`: Stops synchronization.
+
+For full command details, see the [Automatic Migration CLI Reference](https://docs.akeyless.io/docs/cli-reference-automatic-migration#sync).
+
 ## Operational Guidance
 
 Use a phased rollout:

docs/Integrations & Plugins/cli-reference/cli-reference-gateway/cli-reference-automatic-migration.md

@@ -128,7 +128,9 @@ akeyless gateway-create-migration \
 
 `--ad-discover-services[=false]`: Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)
 
-`--ad-discovery-types`: Set migration discovery types (domain-users, computers, local-users). To specify multiple types use argument multiple times: --ad-discovery-types domain-users --ad-discovery-types local-users. (Relevant only for Active Directory migration)
+`--ad-discovery-types`: Set migration discovery types (domain-users, computers, local-users, certificates). To specify multiple types use argument multiple times: --ad-discovery-types domain-users --ad-discovery-types local-users. (Relevant only for Active Directory migration)
+
+`--ai-certificate-discovery[=false]`: Enable/Disable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway). (Relevant only for Active Directory migration)
 
 `--ad-sra-enable-rdp`: Enable/Disable RDP Secure Remote Access for the migrated local users Rotated Secrets. Default is false: Rotated Secrets will not be created with SRA (Relevant only for Active Directory migration)
 
@@ -351,7 +353,9 @@ akeyless gateway-update-migration \
 
 `--ad-discover-services[=false]`: Enable/Disable discovery of Windows services from each domain server as part of the SSH/Windows Rotated Secrets. Default is false. (Relevant only for Active Directory migration)
 
-`--ad-discovery-types`: Set migration discovery types (domain-users, computers, local-users). To specify multiple types use argument multiple times: --ad-discovery-types domain-users --ad-discovery-types local-users. (Relevant only for Active Directory migration)
+`--ad-discovery-types`: Set migration discovery types (domain-users, computers, local-users, certificates). To specify multiple types use argument multiple times: --ad-discovery-types domain-users --ad-discovery-types local-users. (Relevant only for Active Directory migration)
+
+`--ai-certificate-discovery[=false]`: Enable/Disable AI-assisted certificate discovery (only when AI Insight is enabled on the Gateway). (Relevant only for Active Directory migration)
 
 `--ad-sra-enable-rdp`: Enable/Disable RDP Secure Remote Access for the migrated local users Rotated Secrets. Default is false: Rotated Secrets will not be created with SRA (Relevant only for Active Directory migration)
 

docs/Universal Secret Connector/universal-secrets-connector/github-universal-secret-connector.md

@@ -7,6 +7,8 @@ metadata:
 ---
 This page discusses the creation of GitHub [Universal Secrets Connectors](https://docs.akeyless.io/docs/universal-secrets-connector). If you wish to create a Universal Secrets Connector for a different cloud service, please go to the matching doc, as they have varying parameters.
 
+In environments using Multi-Vault Governance (MVG), GitHub USC is surfaced as the MVG item for GitHub repository secret management.
+
 Unlike other **USCs**, GitHub does not let you view secret values outside GitHub. With this USC, you can **create new secrets**, **update existing secrets**, and **delete secrets** in the repository.
 
 GitHub USC setup and management has 3 scopes: