diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
new file mode 100644
index 0000000000..7d0a44c3e7
--- /dev/null
+++ b/.github/workflows/build-docker-image.yml
@@ -0,0 +1,23 @@
+# Make sure the Docker container still builds
+
+name: Build Docker image
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches-ignore:
+      - translations
+
+env:
+  CI: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+      - name: Build the container
+        run: docker build .
diff --git a/Dockerfile b/Dockerfile
index 59846b78f6..6e5205f763 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,18 +7,21 @@
 # A temporary image that installs production-only dependencies
 
 FROM node:14-alpine as installation
+RUN apk add --no-cache python make g++
 ENV NODE_ENV production
 WORKDIR /usr/src/docs
 COPY package*.json ./
 
 # Install the project's dependencies
-RUN npm ci
+RUN npm ci --production
 
 # --------------------------------------------------------------------------------
 # BUNDLE IMAGE
 # A temporary image that installs dependencies and builds the production-ready front-end bundles.
 
 FROM node:14-alpine as bundles
+RUN apk add --no-cache python make g++
+ENV NODE_ENV production
 WORKDIR /usr/src/docs
 # Install the files used to create the bundles
 COPY package*.json ./
@@ -27,7 +30,8 @@ COPY stylesheets ./stylesheets
 COPY lib ./lib
 COPY webpack.config.js ./webpack.config.js
 # Install the project's dependencies and build the bundles
-RUN npm ci && npm run build
+RUN npm ci --production
+RUN npm run build
 
 # --------------------------------------------------------------------------------
 # MAIN IMAGE
@@ -52,16 +56,23 @@ COPY --chown=node:node --from=bundles /usr/src/docs/dist /usr/src/docs/dist
 # We should always be running in production mode
 ENV NODE_ENV production
 
+# Use Lunr instead of Algolia
+ENV USE_LUNR true
+
 # Copy only what's needed to run the server
 COPY --chown=node:node assets ./assets
 COPY --chown=node:node content ./content
 COPY --chown=node:node data ./data
 COPY --chown=node:node includes ./includes
+COPY --chown=node:node layouts ./layouts
 COPY --chown=node:node lib ./lib
 COPY --chown=node:node middleware ./middleware
 COPY --chown=node:node translations ./translations
 COPY --chown=node:node server.js ./server.js
 COPY --chown=node:node package*.json ./
+COPY --chown=node:node feature-flags.json ./
 
+EXPOSE 80
 EXPOSE 443
+EXPOSE 4000
 CMD ["node", "server.js"]
diff --git a/assets/images/help/settings/token_description.png b/assets/images/help/settings/token_description.png
index e3eccd2846..ca7a033763 100644
Binary files a/assets/images/help/settings/token_description.png and b/assets/images/help/settings/token_description.png differ
diff --git a/content/admin/configuration/configuring-data-encryption-for-your-enterprise.md b/content/admin/configuration/configuring-data-encryption-for-your-enterprise.md
index 2d426fccb9..d6da59782a 100644
--- a/content/admin/configuration/configuring-data-encryption-for-your-enterprise.md
+++ b/content/admin/configuration/configuring-data-encryption-for-your-enterprise.md
@@ -20,7 +20,7 @@ For encryption in transit, {% data variables.product.product_name %} uses Transp
 
 The key that you provide is stored in a hardware security module (HSM) in a key vault that {% data variables.product.company_short %} manages.
 
-To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and delete your encryption key. Note that deleting your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
+To configure your encryption key, use the REST API. There are a number of API endpoints, for example to check the status of encryption, update your encryption key, and disable your encryption key. Note that disabling your key will freeze your enterprise. For more information about the API endpoints, see "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation.
 
 ### Adding or updating an encryption key
 
@@ -48,24 +48,24 @@ Your 2048 bit RSA private key should be in PEM format, for example in a file cal
    curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
    ```
 
-### Deleting your encryption key
+### Disabling your encryption key
 
-To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by deleting your encryption key.
+To freeze your enterprise, for example in the case of a breach, you can disable encryption at rest by marking your encryption key as disabled.
 
-To unfreeze your enterprise after you've deleted your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
-
-1. To delete your key and disable encryption at rest, use the `DELETE /enterprise/encryption` endpoint.
+1. To disable your key and encryption at rest, use the `DELETE /enterprise/encryption` endpoint. This operation does not delete the key permanently.
 
    ```shell
    curl -X DELETE http(s)://<em>hostname</em>/api/v3/enterprise/encryption
    ```
 
-2. Optionally, check the status of the delete operation.
+2. Optionally, check the status of the delete operation. It takes approximately ten minutes to disable encryption at rest.
 
    ```shell
    curl -X GET http(s)://<em>hostname</em>/api/v3/enterprise/encryption/status/<em>request_id</em>
    ```
 
+To unfreeze your enterprise after you've disabled your encryption key, contact support. For more information, see "[About {% data variables.contact.enterprise_support %}](/admin/enterprise-support/about-github-enterprise-support)."
+
 ### Further reading
 
 - "[Encryption at rest](/rest/reference/enterprise-admin#encryption-at-rest)" in the REST API documentation 
diff --git a/lib/rest/static/decorated/github.ae.json b/lib/rest/static/decorated/github.ae.json
index 9f9de893ea..7c466a825b 100644
--- a/lib/rest/static/decorated/github.ae.json
+++ b/lib/rest/static/decorated/github.ae.json
@@ -6153,7 +6153,7 @@
       }
     ],
     "summary": "Disable encryption at rest",
-    "description": "**Warning:** The encryption at rest endpoints are currently in beta and are subject to change.\n\nDisables encryption at rest and deletes the encryption key. To freeze your enterprise, you can disable encryption at rest. For example, you can freeze your enterprise in the case of a breach. It takes approximately ten minutes to disable encryption at rest. To check the status, use the \"[Get an encryption status](https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status)\" REST API.\n\nTo unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"[Receiving enterprise support](/admin/enterprise-support/receiving-help-from-github-support).\"",
+    "description": "**Warning:** The encryption at rest endpoints are currently in beta and are subject to change.\n\nMarks your encryption key as disabled and disables encryption at rest. This will freeze your enterprise. For example, you can use this operation to freeze your enterprise in case of a breach. Note: This operation does not delete the key permanently.\n\nIt takes approximately ten minutes to disable encryption at rest. To check the status, use the \"[Get an encryption status](https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status)\" REST API.\n\nTo unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"[Receiving enterprise support](/admin/enterprise-support/receiving-help-from-github-support).\"",
     "operationId": "enterprise-admin/disable-encryption",
     "tags": [
       "enterprise-admin"
@@ -6176,7 +6176,7 @@
     "subcategoryLabel": "Encryption at rest",
     "notes": [],
     "bodyParameters": [],
-    "descriptionHTML": "<p><strong>Warning:</strong> The encryption at rest endpoints are currently in beta and are subject to change.</p>\n<p>Disables encryption at rest and deletes the encryption key. To freeze your enterprise, you can disable encryption at rest. For example, you can freeze your enterprise in the case of a breach. It takes approximately ten minutes to disable encryption at rest. To check the status, use the \"<a href=\"https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status\">Get an encryption status</a>\" REST API.</p>\n<p>To unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"<a href=\"/admin/enterprise-support/receiving-help-from-github-support\">Receiving enterprise support</a>.\"</p>",
+    "descriptionHTML": "<p><strong>Warning:</strong> The encryption at rest endpoints are currently in beta and are subject to change.</p>\n<p>Marks your encryption key as disabled and disables encryption at rest. This will freeze your enterprise. For example, you can use this operation to freeze your enterprise in case of a breach. Note: This operation does not delete the key permanently.</p>\n<p>It takes approximately ten minutes to disable encryption at rest. To check the status, use the \"<a href=\"https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status\">Get an encryption status</a>\" REST API.</p>\n<p>To unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"<a href=\"/admin/enterprise-support/receiving-help-from-github-support\">Receiving enterprise support</a>.\"</p>",
     "responses": [
       {
         "httpStatusCode": "202",
diff --git a/lib/rest/static/dereferenced/github.ae.deref.json b/lib/rest/static/dereferenced/github.ae.deref.json
index c2b211472b..88191914e8 100644
--- a/lib/rest/static/dereferenced/github.ae.deref.json
+++ b/lib/rest/static/dereferenced/github.ae.deref.json
@@ -12328,7 +12328,7 @@
       },
       "delete": {
         "summary": "Disable encryption at rest",
-        "description": "**Warning:** The encryption at rest endpoints are currently in beta and are subject to change.\n\nDisables encryption at rest and deletes the encryption key. To freeze your enterprise, you can disable encryption at rest. For example, you can freeze your enterprise in the case of a breach. It takes approximately ten minutes to disable encryption at rest. To check the status, use the \"[Get an encryption status](https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status)\" REST API.\n\nTo unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"[Receiving enterprise support](/admin/enterprise-support/receiving-help-from-github-support).\"",
+        "description": "**Warning:** The encryption at rest endpoints are currently in beta and are subject to change.\n\nMarks your encryption key as disabled and disables encryption at rest. This will freeze your enterprise. For example, you can use this operation to freeze your enterprise in case of a breach. Note: This operation does not delete the key permanently.\n\nIt takes approximately ten minutes to disable encryption at rest. To check the status, use the \"[Get an encryption status](https://docs.github.com/github-ae@latest/rest/reference/enterprise-admin#get-an-encryption-status)\" REST API.\n\nTo unfreeze your enterprise after you've disabled encryption at rest, you must contact Support. For more information, see \"[Receiving enterprise support](/admin/enterprise-support/receiving-help-from-github-support).\"",
         "operationId": "enterprise-admin/disable-encryption",
         "tags": [
           "enterprise-admin"