diff --git a/TILE_AUTHOR_GUIDE.md b/TILE_AUTHOR_GUIDE.md
index 93dd0a834..69d1a31e2 100644
--- a/TILE_AUTHOR_GUIDE.md
+++ b/TILE_AUTHOR_GUIDE.md
@@ -268,17 +268,21 @@ kiln fetch --variable="github_token=${GITHUB_TOKEN}"
Kiln can fetch and upload releases to/from Build Artifactory.
-_TODO_
+_TODO: write this section._
#### AWS S3
Kiln can fetch and upload releases to/from AWS S3.
-_TODO_
+_TODO: write this section._
-#### Local files
+#### Local tarballs
-_TODO_
+`kiln bake` adds the BOSH release tarballs in the releases directory to the tile reguardless of if they match the Kilnfile.lock
+(There may be a regression in this behavior but that change may be fixed/reverted.)
+Building a tile with arbitrary releases in the tarball is not secure; this behavior should only be used for development not for building production tiles.
+
+_TODO: test out this behavior (a slack comment mentioned it is not working)._
#### Default credentials file
@@ -286,14 +290,14 @@ You can add a default credentials file to `~/.kiln/credentials.yml` so you don't
Don't do this with production creds but if you have credentials you can safely write to your disk, consider using this functionality.
The file can look like this
```yaml
-# GitHub release sources credentials
+# GitHub BOSH release tarball release sources credentials
github_token: some-token
-# S3 release source credentials
+# S3 release BOSH release tarball source credentials
aws_secret_access_key: some-key
aws_access_key_id: some-id
-# Artifactory release source credentials
+# Artifactory BOSH release tarball release source credentials
artifactory_username: some-username
artifactory_password: some-password
```