diff --git a/deployment/modules/aws/tesseract/test/main.tf b/deployment/modules/aws/tesseract/test/main.tf
index 7097200b..02cb3946 100644
--- a/deployment/modules/aws/tesseract/test/main.tf
+++ b/deployment/modules/aws/tesseract/test/main.tf
@@ -11,6 +11,9 @@ module "storage" {
   ephemeral   = var.ephemeral
 }
 
+# [WARNING]
+# Using secrets manager does NOT guarantee the security of the signing keys. 
+# There are significant security risks if the secrets are mismanaged.
 module "secretsmanager" {
   source = "../../secretsmanager"
 
diff --git a/deployment/modules/gcp/tesseract/conformance/main.tf b/deployment/modules/gcp/tesseract/conformance/main.tf
index e067fb60..271a39f0 100644
--- a/deployment/modules/gcp/tesseract/conformance/main.tf
+++ b/deployment/modules/gcp/tesseract/conformance/main.tf
@@ -11,6 +11,9 @@ module "storage" {
   ephemeral  = true
 }
 
+# [WARNING]
+# Using secret manager does NOT guarantee the security of the signing keys. 
+# There are significant security risks if the secrets are mismanaged.
 module "secretmanager" {
   source = "../../secretmanager"
 
diff --git a/deployment/modules/gcp/tesseract/test/main.tf b/deployment/modules/gcp/tesseract/test/main.tf
index bcb40b58..76e3d508 100644
--- a/deployment/modules/gcp/tesseract/test/main.tf
+++ b/deployment/modules/gcp/tesseract/test/main.tf
@@ -11,6 +11,9 @@ module "storage" {
   ephemeral  = false
 }
 
+# [WARNING]
+# Using secret manager does NOT guarantee the security of the signing keys. 
+# There are significant security risks if the secrets are mismanaged.
 module "secretmanager" {
   source = "../../secretmanager"