diff --git a/doc/FAQ.md b/doc/FAQ.md
index a4f9b87b35b8d666b107df5d76eb18406b7df8fd..3b276728496d2e341ae598efe0e54e0c676541cb 100644
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@@ -6,6 +6,8 @@ No, you only have to make the request to the "/onboarding" endpoint. In it you m
 ### There is one party that publishes the API and another that exposes it, what is the difference?
 There are different services, the APF, intended for publishing the APIs, and the AEF, intended so that the invoker can call it. The APF is what connects to the Capif Core Function to publish the service and when the service is up, you need the AEF service so that invokers can connect to it.
 
+### What is Vault?
+Vault is a secrets management system used to securely store and manage sensitive information like API keys, TLS certificates, and authentication tokens. In the context of OpenCAPIF, Vault is used to securely handle and distribute the certificates and private keys for the AEF, APF, and AMF components during onboarding. This ensures that secrets are not exposed in code or configuration files, and enables automated certificate rotation, audit logging, and fine-grained access control.
 
 ### Before publishing an API, do you have to be registered in CAPIF?
 Yes, before publishing an API you must register using the POST /register endpoint.
@@ -49,7 +51,7 @@ It is better to unsubscribe the API every time you exit the application since ot
 Yes, a user can have multiple invokers at the same time, and as such, the username and password would be the same.
 
 
-### What is the notfication destination field in the register_invoker request?
+### What is the notification destination field in the register_invoker request?
 This is the callback URL used to notify events. CAPIF has an Event service to subscribe to that notifies actions such as a subscription to an API, a change in the state of an API...