[DOCS] Clarify alerting API key management (elastic#208292)

docs/user/alerting/alerting-setup.asciidoc

@@ -123,16 +123,14 @@ For more information on configuring roles that provide access to features, go to
 Rules are authorized using an API key.
 Its credentials are used to run all background tasks associated with the rule, including condition checks like {es} queries and triggered actions.
 
-If you create or edit a rule in {kib}, an API key is created that captures a snapshot of your privileges at the time of the edit.
-The following actions regenerate the API key in {kib}:
-
-* Creating a rule
-* Updating a rule
+When you create a rule in {kib}, an API key is created that captures a snapshot of your privileges.
+Likewise when you update a rule, the API key is updated with a snapshot of your privileges at the time of the edit. 
 
 When you disable a rule, it retains the associated API key which is reused when the rule is enabled.
-If the API key is missing when you enable the rule (for example, in the case of imported rules), it generates a new key that has your security privileges.
+If the API key is missing when you enable the rule, a new key is generated that has your current security privileges.
+When you import a rule, you must enable it before you can use it and a new API key is generated at that time.
 
-You can update an API key manually in **{stack-manage-app} > {rules-ui}** or in the rule details page by selecting **Update API key** in the actions menu.
+You can generate a new API key at any time in **{stack-manage-app} > {rules-ui}** or in the rule details page by selecting **Update API key** in the actions menu.
 
 If you manage your rules by using {kib} APIs, they support support both key- and token-based authentication as described in <<api-authentication>>.
 To use key-based authentication, create API keys and use them in the header of your API calls as described in <<api-keys>>.