diff --git a/Solutions/Gitea/Gitea.yaml b/Solutions/Gitea/Gitea.yaml
index a2c1b2a4..b0dc6dbd 100644
--- a/Solutions/Gitea/Gitea.yaml
+++ b/Solutions/Gitea/Gitea.yaml
@@ -99,6 +99,7 @@ Resources:
               - ssm:UpdateInstanceInformation
               - ssmmessages:*
               - secretsmanager:GetSecretValue
+              - kms:Decrypt
             Effect: Allow
             Resource: '*'
         Version: "2012-10-17"
diff --git a/Solutions/Gitea/README.md b/Solutions/Gitea/README.md
index b2518154..2e55c770 100644
--- a/Solutions/Gitea/README.md
+++ b/Solutions/Gitea/README.md
@@ -6,7 +6,8 @@ provides the CloudFront URL.
 
 As a prerequisite, you need to create a plaintext secret in Secrets Manager to
 store your password for a Gitea user called 'admin1' that will be created by the
-user data script. The default name for the secret is 'gitea-password'.
+user data script. The default name for the secret is 'gitea-password'. Do not create 
+a "Key/value" secret, choose "Plaintext".
 
 ## Files