From dbaed47da245dad4b33b3b3d16db75a1895fb836 Mon Sep 17 00:00:00 2001
From: Karl Cardenas <kcardenas@hashicorp.com>
Date: Wed, 27 Apr 2022 14:15:39 -0700
Subject: [PATCH] docs: fixes makdown leakage

---
 .../docs/security/security-models/core.mdx    | 27 +++++++++----------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx
index 815abdfd7f..80976e68c4 100644
--- a/website/content/docs/security/security-models/core.mdx
+++ b/website/content/docs/security/security-models/core.mdx
@@ -143,25 +143,24 @@ environment and adapt these configurations accordingly.
     **Example Client Agent TLS Configuration**
 
     ```hcl
-    tls {
-      defaults {
-        verify_incoming = false
-        verify_outgoing = true
-        ca_file = "consul-agent-ca.pem"
+      tls {
+        defaults {
+          verify_incoming = false
+          verify_outgoing = true
+          ca_file = "consul-agent-ca.pem"
+        }
+
+        internal_rpc {
+          verify_server_hostname = true
+        }
       }
 
-      internal_rpc {
-        verify_server_hostname = true
+      auto_encrypt {
+        tls = true
       }
-    }
-
-
-    auto_encrypt {
-      tls = true
-    }
     ```
 
-    -> The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
+  -> **Note**: The client agent TLS configuration from above sets [`verify_incoming`](/docs/agent/config/config-files#tls_defaults_verify_incoming)
     to false which assumes all incoming traffic is restricted to `localhost`. The primary benefit for this configuration
     would be to avoid provisioning client TLS certificates (in addition to ACL tokens) for all tools or applications
     using the local Consul agent. In this case ACLs should be enabled to provide authorization and only ACL tokens would