diff --git a/docs/networking/port-forwarding.md b/docs/networking/port-forwarding.md
index 9118a484eb09a..ce8bb6822f5e6 100644
--- a/docs/networking/port-forwarding.md
+++ b/docs/networking/port-forwarding.md
@@ -45,7 +45,11 @@ For more examples, see `coder port-forward --help`.
## Dashboard
> To enable port forwarding via the dashboard, Coder must be configured with a
-> [wildcard access URL](../admin/configure.md#wildcard-access-url).
+> [wildcard access URL](../admin/configure.md#wildcard-access-url). If an access
+> URL is not specified, Coder will create [a publicly accessible URL](../admin/configure.md#tunnel)
+> to reverse proxy the deployment, and port forwarding will work. There is a
+> known limitation where if the port forwarding URL length is greater than 63
+> characters, port forwarding will not work.
### From an arbitrary port
diff --git a/docs/secrets.md b/docs/secrets.md
index c3566b3ed3877..f135c4602c577 100644
--- a/docs/secrets.md
+++ b/docs/secrets.md
@@ -2,7 +2,7 @@
This article explains how to use secrets in a workspace. To authenticate the
-workspace provisioner, see this.
+workspace provisioner, see [this](./admin/auth.md).
Coder is open-minded about how you get your secrets into your workspaces.
@@ -20,7 +20,7 @@ Often, this workflow is simply:
1. Your users write them to a persistent file after
they've built their workspace
-Template parameters are a dangerous way to accept secrets.
+[Template parameters](./templates.md#parameters)> are a dangerous way to accept secrets.
We show parameters in cleartext around the product. Assume anyone with view
access to a workspace can also see its parameters.