diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index c210382381559853a04f0682c31c9fb94c30ca3e..12a91f8b4502c163c9f81246c3a0c96d38c6a591 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -240,6 +240,7 @@ Method 2:
 ### Configure Gitaly servers
 
 On the Gitaly servers, you must configure storage paths and enable the network listener.
+The Gitaly server must be able to read, write, and set permissions on the configured path.
 
 If you want to reduce the risk of downtime when you enable authentication, you can temporarily
 disable enforcement. For more information, see the documentation on configuring
@@ -255,8 +256,6 @@ disable enforcement. For more information, see the documentation on configuring
    -->
 
    ```ruby
-   # /etc/gitlab/gitlab.rb
-
    # Avoid running unnecessary services on the Gitaly server
    postgresql['enable'] = false
    redis['enable'] = false
@@ -290,6 +289,10 @@ disable enforcement. For more information, see the documentation on configuring
    # Don't forget to copy `/etc/gitlab/gitlab-secrets.json` from Gitaly client to Gitaly server.
    gitlab_rails['internal_api_url'] = 'https://gitlab.example.com'
 
+   # Authentication token to ensure only authorized servers can communicate with
+   # Gitaly server
+   gitaly['auth_token'] = 'AUTH_TOKEN'
+
    # Make Gitaly accept connections on all network interfaces. You must use
    # firewalls to restrict access to this address/port.
    # Comment out following line if you only want to support TLS connections
@@ -392,10 +395,10 @@ if previously enabled manually.
 Gitaly makes the following assumptions:
 
 - Your `gitaly1.internal` Gitaly server can be reached at `gitaly1.internal:8075` from your Gitaly
-  clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/default` and
-  `/mnt/gitlab/storage1`.
+  clients, and that Gitaly server can read, write, and set permissions on `/var/opt/gitlab/git-data` and
+  `/mnt/gitlab/git-data`.
 - Your `gitaly2.internal` Gitaly server can be reached at `gitaly2.internal:8075` from your Gitaly
-  clients, and that Gitaly server can read, write, and set permissions on `/mnt/gitlab/storage2`.
+  clients, and that Gitaly server can read, write, and set permissions on `/srv/gitlab/git-data`.
 - Your `gitaly1.internal` and `gitaly2.internal` Gitaly servers can reach each other.
 
 You can't define Gitaly servers with some as a local Gitaly server
@@ -600,7 +603,8 @@ To configure Gitaly with TLS:
    ```
 
 1. Copy all Gitaly server certificates (or their certificate authority) to
-   `/etc/gitlab/trusted-certs` so that Gitaly servers trust the certificate when calling into themselves
+   `/etc/gitlab/trusted-certs` on all Gitaly servers and clients
+   so that Gitaly servers and clients trust the certificate when calling into themselves
    or other Gitaly servers:
 
    ```shell