diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index e4fa6713a90..069b0a225c6 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -248,15 +248,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/administration/object_storage.md @axil
 /doc/administration/operations/ @axil
 /doc/administration/operations/moving_repositories.md @eread
+/doc/administration/operations/fast_ssh_key_lookup.md @aqualls
 /doc/administration/operations/sidekiq_memory_killer.md @sselhorn
 /doc/administration/package_information/ @axil
 /doc/administration/packages/ @claytoncornell
 /doc/administration/pages/index.md @aqualls
 /doc/administration/pages/source.md @aqualls
 /doc/administration/polling.md @axil
-/doc/administration/postgresql/ @sselhorn
+/doc/administration/postgresql/ @aqualls
 /doc/administration/pseudonymizer.md @axil
 /doc/administration/raketasks/ @axil
+/doc/administration/raketasks/ldap.md @eread
 /doc/administration/raketasks/praefect.md @eread
 /doc/administration/read_only_gitlab.md @axil
 /doc/administration/redis/ @axil
@@ -277,8 +279,9 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/administration/terraform_state.md @sselhorn
 /doc/administration/timezone.md @axil
 /doc/administration/troubleshooting/ @axil
-/doc/administration/troubleshooting/elasticsearch.md @rdickenson
-/doc/administration/troubleshooting/postgresql.md @sselhorn
+/doc/administration/troubleshooting/elasticsearch.md @sselhorn
+/doc/administration/troubleshooting/group_saml_scim.md @eread
+/doc/administration/troubleshooting/postgresql.md @aqualls
 /doc/administration/uploads.md @axil
 /doc/administration/user_settings.md @eread
 /doc/administration/whats-new.md @kpaizee
@@ -437,7 +440,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/api/vulnerability_findings.md @claytoncornell
 /doc/api/wikis.md @aqualls
 /doc/architecture/blueprints/container_registry_metadata_database/index.md @claytoncornell
-/doc/architecture/blueprints/database/scalability/patterns/ @sselhorn
+/doc/architecture/blueprints/database/scalability/patterns/ @aqualls
 /doc/architecture/blueprints/gitlab_to_kubernetes_communication/index.md @sselhorn
 /doc/ci/caching/index.md @marcel.amirault
 /doc/ci/chatops/index.md @sselhorn
@@ -479,6 +482,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/ci/review_apps/index.md @marcel.amirault
 /doc/ci/runners/ @sselhorn
 /doc/ci/secrets/index.md @marcel.amirault
+/doc/ci/secure_files/index.md @marcel.amirault
 /doc/ci/services/ @sselhorn
 /doc/ci/ssh_keys/index.md @marcel.amirault
 /doc/ci/test_cases/index.md @msedlakjakubowski
@@ -487,14 +491,13 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/ci/unit_test_reports.md @marcel.amirault
 /doc/ci/variables/ @marcel.amirault
 /doc/ci/yaml/ @marcel.amirault
-/doc/development/adding_database_indexes.md @sselhorn
+/doc/development/adding_database_indexes.md @aqualls
 /doc/development/application_limits.md @axil
 /doc/development/approval_rules.md @aqualls
 /doc/development/audit_event_guide/index.md @eread
 /doc/development/auto_devops.md @sselhorn
-/doc/development/backend/create_source_code_be/index.md @aqualls
+/doc/development/backend/create_source_code_be/ @aqualls
 /doc/development/backend/ruby_style_guide.md @sselhorn
-/doc/development/batched_background_migrations.md @sselhorn
 /doc/development/build_test_package.md @axil
 /doc/development/bulk_import.md @eread
 /doc/development/cached_queries.md @sselhorn
@@ -507,23 +510,19 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/code_intelligence/index.md @aqualls
 /doc/development/contributing/ @sselhorn
 /doc/development/contributing/merge_request_workflow.md @aqualls
-/doc/development/creating_enums.md @sselhorn
-/doc/development/database_debugging.md @sselhorn
-/doc/development/database_query_comments.md @sselhorn
-/doc/development/database_review.md @sselhorn
-/doc/development/database/ @sselhorn
-/doc/development/database/multiple_databases.md @sselhorn
-/doc/development/db_dump.md @sselhorn
+/doc/development/creating_enums.md @aqualls
+/doc/development/database_debugging.md @aqualls
+/doc/development/database_query_comments.md @aqualls
+/doc/development/database_review.md @aqualls
+/doc/development/database/ @aqualls
+/doc/development/db_dump.md @aqualls
 /doc/development/developing_with_solargraph.md @aqualls
 /doc/development/diffs.md @aqualls
 /doc/development/distributed_tracing.md @msedlakjakubowski
-/doc/development/documentation/feature_flags.md @sselhorn
-/doc/development/documentation/graphql_styleguide.md @sselhorn
+/doc/development/documentation/ @sselhorn
 /doc/development/documentation/index.md @dianalogan
 /doc/development/documentation/redirects.md @dianalogan
 /doc/development/documentation/review_apps.md @dianalogan
-/doc/development/documentation/structure.md @sselhorn
-/doc/development/documentation/styleguide/ @sselhorn
 /doc/development/documentation/testing.md @dianalogan
 /doc/development/elasticsearch.md @sselhorn
 /doc/development/experiment_guide/gitlab_experiment.md @kpaizee
@@ -537,19 +536,21 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/feature_flags/controls.md @sselhorn
 /doc/development/feature_flags/index.md @sselhorn
 /doc/development/filtering_by_label.md @msedlakjakubowski
-/doc/development/foreign_keys.md @sselhorn
+/doc/development/foreign_keys.md @aqualls
 /doc/development/geo.md @axil
 /doc/development/geo/framework.md @axil
 /doc/development/git_object_deduplication.md @eread
 /doc/development/gitaly.md @eread
+/doc/development/gitlab_flavored_markdown/index.md @aqualls
+/doc/development/gitlab_flavored_markdown/specification_guide/index.md @aqualls
 /doc/development/graphql_guide/ @kpaizee
-/doc/development/graphql_guide/batchloader.md @sselhorn
-/doc/development/hash_indexes.md @sselhorn
+/doc/development/graphql_guide/batchloader.md @aqualls
+/doc/development/hash_indexes.md @aqualls
 /doc/development/i18n/ @eread
 /doc/development/image_scaling.md @sselhorn
 /doc/development/import_export.md @eread
 /doc/development/index.md @sselhorn
-/doc/development/insert_into_tables_in_batches.md @sselhorn
+/doc/development/insert_into_tables_in_batches.md @aqualls
 /doc/development/integrations/ @kpaizee
 /doc/development/integrations/codesandbox.md @sselhorn
 /doc/development/integrations/secure_partner_integration.md @rdickenson
@@ -558,7 +559,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/internal_users.md @sselhorn
 /doc/development/issuable-like-models.md @msedlakjakubowski
 /doc/development/issue_types.md @msedlakjakubowski
-/doc/development/iterating_tables_in_batches.md @sselhorn
+/doc/development/iterating_tables_in_batches.md @aqualls
 /doc/development/kubernetes.md @sselhorn
 /doc/development/lfs.md @aqualls
 /doc/development/licensed_feature_availability.md @sselhorn
@@ -567,30 +568,30 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/development/new_fe_guide/modules/widget_extensions.md @aqualls
 /doc/development/new_fe_guide/tips.md @sselhorn
 /doc/development/omnibus.md @axil
-/doc/development/ordering_table_columns.md @sselhorn
+/doc/development/ordering_table_columns.md @aqualls
 /doc/development/packages.md @claytoncornell
 /doc/development/permissions.md @eread
 /doc/development/policies.md @eread
 /doc/development/product_qualified_lead_guide/index.md @kpaizee
 /doc/development/project_templates.md @fneill
 /doc/development/prometheus_metrics.md @msedlakjakubowski
-/doc/development/query_performance.md @sselhorn
-/doc/development/query_recorder.md @sselhorn
+/doc/development/query_performance.md @aqualls
+/doc/development/query_recorder.md @aqualls
 /doc/development/real_time.md @msedlakjakubowski
 /doc/development/secure_coding_guidelines.md @sselhorn
-/doc/development/serializing_data.md @sselhorn
+/doc/development/serializing_data.md @aqualls
 /doc/development/service_ping/ @claytoncornell
-/doc/development/single_table_inheritance.md @sselhorn
+/doc/development/single_table_inheritance.md @aqualls
 /doc/development/snowplow/ @claytoncornell
 /doc/development/spam_protection_and_captcha/ @eread
-/doc/development/sql.md @sselhorn
-/doc/development/swapping_tables.md @sselhorn
+/doc/development/sql.md @aqualls
+/doc/development/swapping_tables.md @aqualls
 /doc/development/testing_guide/best_practices.md @sselhorn
 /doc/development/testing_guide/end_to_end/best_practices.md @sselhorn
-/doc/development/understanding_explain_plans.md @sselhorn
+/doc/development/understanding_explain_plans.md @aqualls
 /doc/development/value_stream_analytics.md @fneill
 /doc/development/value_stream_analytics/value_stream_analytics_aggregated_backend.md @fneill
-/doc/development/verifying_database_capabilities.md @sselhorn
+/doc/development/verifying_database_capabilities.md @aqualls
 /doc/development/wikis.md @aqualls
 /doc/development/work_items_widgets.md @msedlakjakubowski
 /doc/development/work_items.md @msedlakjakubowski
@@ -612,7 +613,8 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/operations/ @msedlakjakubowski
 /doc/operations/feature_flags.md @rdickenson
 /doc/operations/product_analytics.md @claytoncornell
-/doc/policy/ @axil
+/doc/policy/alpha-beta-support.md @axil
+/doc/policy/maintenance.md @axil
 /doc/raketasks/ @axil
 /doc/raketasks/generate_sample_prometheus_data.md @msedlakjakubowski
 /doc/raketasks/migrate_snippets.md @aqualls
@@ -624,11 +626,12 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/topics/autodevops/ @sselhorn
 /doc/topics/git/ @aqualls
 /doc/topics/gitlab_flow.md @aqualls
-/doc/topics/offline/ @axil
+/doc/topics/offline/index.md @axil
+/doc/topics/offline/quick_start_guide.md @axil
 /doc/topics/plan_and_track.md @msedlakjakubowski
 /doc/update/ @axil
-/doc/update/mysql_to_postgresql.md @sselhorn
-/doc/update/upgrading_postgresql_using_slony.md @sselhorn
+/doc/update/mysql_to_postgresql.md @aqualls
+/doc/update/upgrading_postgresql_using_slony.md @aqualls
 /doc/user/admin_area/analytics/ @fneill
 /doc/user/admin_area/broadcast_messages.md @kpaizee
 /doc/user/admin_area/credentials_inventory.md @eread
@@ -637,10 +640,10 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/admin_area/geo_nodes.md @axil
 /doc/user/admin_area/labels.md @msedlakjakubowski
 /doc/user/admin_area/license_file.md @sselhorn
-/doc/user/admin_area/license.md @kpaizee
+/doc/user/admin_area/license.md @sselhorn
 /doc/user/admin_area/merge_requests_approvals.md @aqualls
 /doc/user/admin_area/moderate_users.md @eread
-/doc/user/admin_area/monitoring/background_migrations.md @sselhorn
+/doc/user/admin_area/monitoring/background_migrations.md @aqualls
 /doc/user/admin_area/monitoring/health_check.md @msedlakjakubowski
 /doc/user/admin_area/reporting/spamcheck.md @axil
 /doc/user/admin_area/review_abuse_reports.md @eread
@@ -660,19 +663,17 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/admin_area/settings/push_event_activities_limit.md @aqualls
 /doc/user/admin_area/settings/rate_limit_on_issues_creation.md @msedlakjakubowski
 /doc/user/admin_area/settings/rate_limit_on_notes_creation.md @msedlakjakubowski
-/doc/user/admin_area/settings/rate_limit_on_users_api.md @eread
 /doc/user/admin_area/settings/third_party_offers.md @fneill
+/doc/user/admin_area/settings/usage_statistics.md @claytoncornell
 /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls
 /doc/user/analytics/ @fneill
 /doc/user/analytics/ci_cd_analytics.md @rdickenson
 /doc/user/application_security/ @rdickenson
 /doc/user/application_security/cluster_image_scanning/index.md @claytoncornell
 /doc/user/application_security/container_scanning/index.md @claytoncornell
-/doc/user/application_security/coverage_fuzzing/index.md @rdickenson
 /doc/user/application_security/cve_id_request.md @claytoncornell
 /doc/user/application_security/policies/ @claytoncornell
 /doc/user/application_security/security_dashboard/index.md @claytoncornell
-/doc/user/application_security/threat_monitoring/index.md @claytoncornell
 /doc/user/application_security/vulnerabilities/index.md @claytoncornell
 /doc/user/application_security/vulnerabilities/severities.md @claytoncornell
 /doc/user/application_security/vulnerability_report/index.md @claytoncornell
@@ -717,6 +718,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/infrastructure/clusters/manage/management_project_applications/prometheus.md @msedlakjakubowski
 /doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @sselhorn
 /doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md @msedlakjakubowski
+/doc/user/infrastructure/clusters/manage/management_project_applications/vault.md @sselhorn
 /doc/user/infrastructure/iac/ @sselhorn
 /doc/user/infrastructure/index.md @sselhorn
 /doc/user/markdown.md @aqualls
@@ -759,12 +761,15 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/project/merge_requests/csv_export.md @eread
 /doc/user/project/merge_requests/fail_fast_testing.md @marcel.amirault
 /doc/user/project/merge_requests/load_performance_testing.md @marcel.amirault
-/doc/user/project/merge_requests/reviews/index.md @aqualls
 /doc/user/project/merge_requests/status_checks.md @eread
 /doc/user/project/merge_requests/test_coverage_visualization.md @marcel.amirault
 /doc/user/project/merge_requests/testing_and_reports_in_merge_requests.md @marcel.amirault
-/doc/user/project/milestones/ @msedlakjakubowski
+/doc/user/project/milestones/burndown_and_burnup_charts.md @msedlakjakubowski
+/doc/user/project/milestones/index.md @msedlakjakubowski
 /doc/user/project/pages/ @aqualls
+/doc/user/project/protected_branches.md @aqualls
+/doc/user/project/protected_tags.md @aqualls
+/doc/user/project/push_options.md @aqualls
 /doc/user/project/quick_actions.md @msedlakjakubowski
 /doc/user/project/releases/index.md @rdickenson
 /doc/user/project/releases/release_cli.md @rdickenson
@@ -784,6 +789,7 @@ lib/gitlab/checks/** @proglottis @toon @zj-gitlab
 /doc/user/public_access.md @fneill
 /doc/user/reserved_names.md @fneill
 /doc/user/search/advanced_search.md @sselhorn
+/doc/user/search/global_search/advanced_search_syntax.md @sselhorn
 /doc/user/search/index.md @aqualls
 /doc/user/shortcuts.md @aqualls
 /doc/user/snippets.md @aqualls
diff --git a/app/views/admin/application_settings/ci_cd.html.haml b/app/views/admin/application_settings/ci_cd.html.haml
index c7fc5f59d73..e925175b7ea 100644
--- a/app/views/admin/application_settings/ci_cd.html.haml
+++ b/app/views/admin/application_settings/ci_cd.html.haml
@@ -8,7 +8,7 @@
   .settings-content
     - if ci_variable_protected_by_default?
       %p.settings-message.text-center
-        - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable') }
+        - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables') }
         = s_('Environment variables on this GitLab instance are configured to be %{link_start}protected%{link_end} by default.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
     #js-instance-variables{ data: { endpoint: admin_ci_variables_path, group: 'true', maskable_regex: ci_variable_maskable_regex, protected_by_default: ci_variable_protected_by_default?.to_s} }
 
diff --git a/app/views/ci/variables/_index.html.haml b/app/views/ci/variables/_index.html.haml
index 6fc85e73de6..0024526a90c 100644
--- a/app/views/ci/variables/_index.html.haml
+++ b/app/views/ci/variables/_index.html.haml
@@ -2,7 +2,7 @@
 
 - if ci_variable_protected_by_default?
   %p.settings-message.text-center
-    - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable') }
+    - link_start = '<a href="%{url}">'.html_safe % { url: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables') }
     = s_('Environment variables are configured by your administrator to be %{link_start}protected%{link_end} by default.').html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
 
 - is_group = !@group.nil?
@@ -17,7 +17,7 @@
   aws_tip_commands_link: help_page_path('ci/cloud_deployment/index.md', anchor: 'run-aws-commands-from-gitlab-cicd'),
   aws_tip_learn_link: help_page_path('ci/cloud_deployment/index.md', anchor: 'aws'),
   contains_variable_reference_link: help_page_path('ci/variables/index', anchor: 'use-variables-in-other-variables'),
-  protected_environment_variables_link: help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable'),
+  protected_environment_variables_link: help_page_path('ci/variables/index', anchor: 'protected-cicd-variables'),
   masked_environment_variables_link: help_page_path('ci/variables/index', anchor: 'mask-a-cicd-variable'),
   environment_scope_link: help_page_path('ci/environments/index', anchor: 'scope-environments-with-specs') } }
 
diff --git a/doc/ci/cloud_deployment/index.md b/doc/ci/cloud_deployment/index.md
index 80e4d8fbe27..c89ce2675e4 100644
--- a/doc/ci/cloud_deployment/index.md
+++ b/doc/ci/cloud_deployment/index.md
@@ -59,7 +59,7 @@ Some credentials are required to be able to run `aws` commands:
    | `AWS_DEFAULT_REGION`           | Your region code       |
 
    NOTE:
-   When you create a variable it's set to be [protected by default](../variables/index.md#protect-a-cicd-variable). If you want to use the `aws` commands on branches or tags that are not protected, make sure to uncheck the **Protect variable** checkbox.
+   When you create a variable it's set to be [protected by default](../variables/index.md#protected-cicd-variables). If you want to use the `aws` commands on branches or tags that are not protected, make sure to uncheck the **Protect variable** checkbox.
 
 1. You can now use `aws` commands in the `.gitlab-ci.yml` file of this project:
 
diff --git a/doc/ci/environments/deployment_safety.md b/doc/ci/environments/deployment_safety.md
index 0e73dc4f7cd..a556d17ad75 100644
--- a/doc/ci/environments/deployment_safety.md
+++ b/doc/ci/environments/deployment_safety.md
@@ -111,7 +111,7 @@ for an explanation of these roles and the permissions of each.
 
 Production secrets are needed to deploy successfully. For example, when deploying to the cloud,
 cloud providers require these secrets to connect to their services. In the project settings, you can
-define and protect CI/CD variables for these secrets. [Protected variables](../variables/index.md#protect-a-cicd-variable)
+define and protect CI/CD variables for these secrets. [Protected variables](../variables/index.md#protected-cicd-variables)
 are only passed to pipelines running on [protected branches](../../user/project/protected_branches.md)
 or [protected tags](../../user/project/protected_tags.md).
 The other pipelines don't get the protected variable. You can also
diff --git a/doc/ci/migration/jenkins.md b/doc/ci/migration/jenkins.md
index 19b1a6cad1f..c59116ea8ed 100644
--- a/doc/ci/migration/jenkins.md
+++ b/doc/ci/migration/jenkins.md
@@ -305,7 +305,7 @@ my_job:
 
 In GitLab, we use the [`variables` keyword](../yaml/index.md#variables) to define different variables at runtime.
 These can also be set up through the GitLab UI, under CI/CD settings. See also our [general documentation on variables](../variables/index.md),
-including the section on [protected variables](../variables/index.md#protect-a-cicd-variable) which can be used
+including the section on [protected variables](../variables/index.md#protected-cicd-variables) which can be used
 to limit access to certain variables to certain environments or runners:
 
 ```yaml
diff --git a/doc/ci/pipelines/merge_request_pipelines.md b/doc/ci/pipelines/merge_request_pipelines.md
index 75408de2721..77513dcdf04 100644
--- a/doc/ci/pipelines/merge_request_pipelines.md
+++ b/doc/ci/pipelines/merge_request_pipelines.md
@@ -20,7 +20,7 @@ Branch pipelines:
 - Run when you push a new commit to a branch.
 - Are the default type of pipeline.
 - Have access to [some predefined variables](../variables/predefined_variables.md).
-- Have access to [protected variables](../variables/index.md#protect-a-cicd-variable) and [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
+- Have access to [protected variables](../variables/index.md#protected-cicd-variables) and [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
 
 Merge request pipelines:
 
@@ -33,7 +33,7 @@ Merge request pipelines:
 - Do not run by default. The jobs in the CI/CD configuration file [must be configured](#prerequisites)
   to run in merge request pipelines.
 - Have access to [more predefined variables](#available-predefined-variables).
-- Do not have access to [protected variables](../variables/index.md#protect-a-cicd-variable) or [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
+- Do not have access to [protected variables](../variables/index.md#protected-cicd-variables) or [protected runners](../runners/configure_runners.md#prevent-runners-from-revealing-sensitive-information).
 
 Both of these types of pipelines can appear on the **Pipelines** tab of a merge request.
 
diff --git a/doc/ci/variables/index.md b/doc/ci/variables/index.md
index 0bdfab97b9a..c78a588a5c1 100644
--- a/doc/ci/variables/index.md
+++ b/doc/ci/variables/index.md
@@ -367,16 +367,20 @@ a large value to the trace log has the potential to be [revealed](https://gitlab
 When using GitLab Runner 14.2, only the tail of the variable, characters beyond 4KiB in length, have the potential to
 be revealed.
 
-### Protect a CI/CD variable
+### Protected CI/CD variables
 
-You can protect a project, group or instance CI/CD variable so it is only passed
+You can configure a project, group or instance CI/CD variable to be only available
 to pipelines running on [protected branches](../../user/project/protected_branches.md)
 or [protected tags](../../user/project/protected_tags.md).
 
-[Merge request pipelines](../pipelines/merge_request_pipelines.md) do not have access to protected variables.
-An [issue exists](https://gitlab.com/gitlab-org/gitlab/-/issues/28002) regarding this limitation.
+These variables are only exported to CI environments running on protected refs. Therefore,
+[merged results pipelines](../pipelines/merge_request_pipelines.md#types-of-merge-request-pipelines), which run on a
+merge commit at the head of the merge request ref, will not have access to these variables.
 
-To protect a variable:
+Pipelines that run directly on the merge request's source branch, with no added merge commit, can access
+these variables if the source branch is a protected branch.
+
+To mark a variable as protected:
 
 1. Go to **Settings > CI/CD** in the project, group or instance admin area.
 1. Expand the **Variables** section.
@@ -729,7 +733,7 @@ the variable can be available for.
 To learn more about scoping environments, see [Scoping environments with specs](../environments/index.md#scope-environments-with-specs).
 
 To learn more about ensuring CI/CD variables are only exposed in pipelines running from protected
-branches or tags, see [Protect a CI/CD Variable](#protect-a-cicd-variable).
+branches or tags, see [Protect a CI/CD Variable](#protected-cicd-variables).
 
 ## Deployment variables
 
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index f3906692f63..1806a677c23 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -3800,7 +3800,7 @@ deploy_review_job:
 
 - All YAML-defined variables are also set to any linked [Docker service containers](../services/index.md).
 - YAML-defined variables are meant for non-sensitive project configuration. Store sensitive information
-  in [protected variables](../variables/index.md#protect-a-cicd-variable) or [CI/CD secrets](../secrets/index.md).
+  in [protected variables](../variables/index.md#protected-cicd-variables) or [CI/CD secrets](../secrets/index.md).
 - [Manual pipeline variables](../variables/index.md#override-a-defined-cicd-variable)
   and [scheduled pipeline variables](../pipelines/schedules.md#add-a-pipeline-schedule)
   are not passed to downstream pipelines by default. Use [trigger:forward](#triggerforward)
diff --git a/doc/development/dangerbot.md b/doc/development/dangerbot.md
index 28609153ed3..9a48f10bf06 100644
--- a/doc/development/dangerbot.md
+++ b/doc/development/dangerbot.md
@@ -201,5 +201,5 @@ Contributors can configure Danger for their forks with the following steps:
 to your fork that has the `api` scope set.
 1. Making the variable [masked](../ci/variables/index.md#mask-a-cicd-variable) makes sure it
 doesn't show up in the job logs. The variable cannot be
-[protected](../ci/variables/index.md#protect-a-cicd-variable), as it needs
+[protected](../ci/variables/index.md#protected-cicd-variables), as it needs
 to be present for all feature branches.
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index e2faab8cc67..270686b3cd3 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -1271,7 +1271,7 @@ This sensitive data must be handled carefully to avoid leaks which could lead to
 - Never commit credentials to repositories.
   - The [Gitleaks Git hook](https://gitlab.com/gitlab-com/gl-security/security-research/gitleaks-endpoint-installer) is recommended for preventing credentials from being committed.
 - Never log credentials under any circumstance. Issue [#353857](https://gitlab.com/gitlab-org/gitlab/-/issues/353857) is an example of credential leaks through log file.
-- When credentials are required in a CI/CD job, use [masked variables](../ci/variables/index.md#mask-a-cicd-variable) to help prevent accidental exposure in the job logs. Be aware that when [debug logging](../ci/variables/index.md#debug-logging) is enabled, all masked CI/CD variables are visible in job logs. Also consider using [protected variables](../ci/variables/index.md#protect-a-cicd-variable) when possible so that sensitive CI/CD variables are only available to pipelines running on protected branches or protected tags.
+- When credentials are required in a CI/CD job, use [masked variables](../ci/variables/index.md#mask-a-cicd-variable) to help prevent accidental exposure in the job logs. Be aware that when [debug logging](../ci/variables/index.md#debug-logging) is enabled, all masked CI/CD variables are visible in job logs. Also consider using [protected variables](../ci/variables/index.md#protected-cicd-variables) when possible so that sensitive CI/CD variables are only available to pipelines running on protected branches or protected tags.
 - Proper scanners must be enabled depending on what data those credentials are protecting. See the [Application Security Inventory Policy](https://about.gitlab.com/handbook/engineering/security/security-engineering-and-research/application-security/inventory.html#policies) and our [Data Classification Standards](https://about.gitlab.com/handbook/engineering/security/data-classification-standard.html#data-classification-standards).
 - To store and/or share credentials between teams, refer to [1Password for Teams](https://about.gitlab.com/handbook/security/#1password-for-teams) and follow [the 1Password Guidelines](https://about.gitlab.com/handbook/security/#1password-guidelines).
 - If you need to share a secret with a team member, use 1Password. Do not share a secret over email, Slack, or other service on the Internet.
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index 8410df44e0b..170d3cf4c90 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -170,7 +170,7 @@ For the value set for GitLab.com, see [Scheduled job archiving](../../gitlab_com
 ## Protect CI/CD variables by default
 
 To set all new [CI/CD variables](../../../ci/variables/index.md) as
-[protected](../../../ci/variables/index.md#protect-a-cicd-variable) by default:
+[protected](../../../ci/variables/index.md#protected-cicd-variables) by default:
 
 1. On the top bar, select **Menu > Admin**.
 1. On the left sidebar, select **Settings > CI/CD**.
diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md
index a2172b72572..73ccb58dfed 100644
--- a/doc/user/compliance/license_compliance/index.md
+++ b/doc/user/compliance/license_compliance/index.md
@@ -506,7 +506,7 @@ example:
 }
 ```
 
-If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protect-a-cicd-variable)
+If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protected-cicd-variables)
 following the naming convention described in the [`CONAN_LOGIN_USERNAME` documentation](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name).
 
 #### Custom root certificates for Conan
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md b/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
index c24afc3d2b4..ef7c4637607 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/runner.md
@@ -35,7 +35,7 @@ These values can be specified using [CI/CD variables](../../../../../ci/variable
 
 The methods of specifying these values are mutually exclusive. Either specify variables `GITLAB_RUNNER_REGISTRATION_TOKEN` and `CI_SERVER_URL` as CI variables (recommended) or provide values for `runnerRegistrationToken:` and `gitlabUrl:` in `applications/gitlab-runner/values.yaml.gotmpl`.
 
-The runner registration token allows connection to a project by a runner and therefore should be treated as a secret to prevent malicious use and code exfiltration through a runner. For this reason, we recommend that you specify the runner registration token as a [protected variable](../../../../../ci/variables/index.md#protect-a-cicd-variable) and [masked variable](../../../../../ci/variables/index.md#mask-a-cicd-variable) and do not commit them to the Git repository in the `values.yaml.gotmpl` file.
+The runner registration token allows connection to a project by a runner and therefore should be treated as a secret to prevent malicious use and code exfiltration through a runner. For this reason, we recommend that you specify the runner registration token as a [protected variable](../../../../../ci/variables/index.md#protected-cicd-variables) and [masked variable](../../../../../ci/variables/index.md#mask-a-cicd-variable) and do not commit them to the Git repository in the `values.yaml.gotmpl` file.
 
 You can customize the installation of GitLab Runner by defining
 `applications/gitlab-runner/values.yaml.gotmpl` file in your cluster
diff --git a/lib/tasks/gitlab/tw/codeowners.rake b/lib/tasks/gitlab/tw/codeowners.rake
index 0aed017c84a..2eedbfa1a3e 100644
--- a/lib/tasks/gitlab/tw/codeowners.rake
+++ b/lib/tasks/gitlab/tw/codeowners.rake
@@ -17,16 +17,16 @@ namespace :tw do
       CodeOwnerRule.new('Code Review', '@aqualls'),
       CodeOwnerRule.new('Compliance', '@eread'),
       CodeOwnerRule.new('Composition Analysis', '@rdickenson'),
-      CodeOwnerRule.new('Configure', '@marcia'),
+      CodeOwnerRule.new('Configure', '@sselhorn'),
       CodeOwnerRule.new('Container Security', '@claytoncornell'),
       CodeOwnerRule.new('Contributor Experience', '@eread'),
       CodeOwnerRule.new('Conversion', '@kpaizee'),
-      CodeOwnerRule.new('Database', '@marcia'),
-      CodeOwnerRule.new('Development', '@marcia'),
+      CodeOwnerRule.new('Database', '@aqualls'),
+      CodeOwnerRule.new('Development', '@sselhorn'),
       CodeOwnerRule.new('Distribution', '@axil'),
       CodeOwnerRule.new('Distribution (Charts)', '@axil'),
       CodeOwnerRule.new('Distribution (Omnibus)', '@axil'),
-      CodeOwnerRule.new('Documentation Guidelines', '@cnorris'),
+      CodeOwnerRule.new('Documentation Guidelines', '@sselhorn'),
       CodeOwnerRule.new('Dynamic Analysis', '@rdickenson'),
       CodeOwnerRule.new('Ecosystem', '@kpaizee'),
       CodeOwnerRule.new('Editor', '@aqualls'),
@@ -35,13 +35,13 @@ namespace :tw do
       CodeOwnerRule.new('Fuzz Testing', '@rdickenson'),
       CodeOwnerRule.new('Geo', '@axil'),
       CodeOwnerRule.new('Gitaly', '@eread'),
-      CodeOwnerRule.new('Global Search', '@marcia'),
+      CodeOwnerRule.new('Global Search', '@sselhorn'),
       CodeOwnerRule.new('Import', '@eread'),
-      CodeOwnerRule.new('Infrastructure', '@marcia'),
+      CodeOwnerRule.new('Infrastructure', '@sselhorn'),
       CodeOwnerRule.new('Integrations', '@kpaizee'),
       CodeOwnerRule.new('Knowledge', '@aqualls'),
       CodeOwnerRule.new('License', '@sselhorn'),
-      CodeOwnerRule.new('Memory', '@marcia'),
+      CodeOwnerRule.new('Memory', '@sselhorn'),
       CodeOwnerRule.new('Monitor', '@msedlakjakubowski'),
       CodeOwnerRule.new('Observability', 'msedlakjakubowski'),
       CodeOwnerRule.new('Optimize', '@fneill'),
@@ -59,7 +59,7 @@ namespace :tw do
       CodeOwnerRule.new('Release', '@rdickenson'),
       CodeOwnerRule.new('Respond', '@msedlakjakubowski'),
       CodeOwnerRule.new('Runner', '@sselhorn'),
-      CodeOwnerRule.new('Sharding', '@marcia'),
+      CodeOwnerRule.new('Sharding', '@sselhorn'),
       CodeOwnerRule.new('Source Code', '@aqualls'),
       CodeOwnerRule.new('Static Analysis', '@rdickenson'),
       CodeOwnerRule.new('Static Site Editor', '@aqualls'),