diff --git a/docs/reference/docs/reindex.asciidoc b/docs/reference/docs/reindex.asciidoc
index 2f6ddd344eaab..455410ad943a0 100644
--- a/docs/reference/docs/reindex.asciidoc
+++ b/docs/reference/docs/reindex.asciidoc
@@ -1132,91 +1132,4 @@ Reindex from remote supports configurable SSL settings. These must be
 specified in the `elasticsearch.yml` file, with the exception of the
 secure settings, which you add in the Elasticsearch keystore.
 It is not possible to configure SSL in the body of the `_reindex` request.
-
-The following settings are supported:
-
-`reindex.ssl.certificate_authorities`::
-List of paths to PEM encoded certificate files that should be trusted.
-You cannot specify both `reindex.ssl.certificate_authorities` and
-`reindex.ssl.truststore.path`.
-
-`reindex.ssl.truststore.path`::
-The path to the Java Keystore file that contains the certificates to trust.
-This keystore can be in "JKS" or "PKCS#12" format.
-You cannot specify both `reindex.ssl.certificate_authorities` and
-`reindex.ssl.truststore.path`.
-
-`reindex.ssl.truststore.password`::
-The password to the truststore (`reindex.ssl.truststore.path`).
-deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
-This setting cannot be used with `reindex.ssl.truststore.secure_password`.
-
-`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
-The password to the truststore (`reindex.ssl.truststore.path`).
-This setting cannot be used with `reindex.ssl.truststore.password`.
-
-`reindex.ssl.truststore.type`::
-The type of the truststore (`reindex.ssl.truststore.path`).
-Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
-or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
-
-`reindex.ssl.verification_mode`::
-Indicates the type of verification to protect against man in the middle attacks
-and certificate forgery.
-One of `full` (verify the hostname and the certificate path), `certificate`
-(verify the certificate path, but not the hostname) or `none` (perform no
-verification - this is strongly discouraged in production environments).
-Defaults to `full`.
-
-`reindex.ssl.certificate`::
-Specifies the path to the PEM encoded certificate (or certificate chain) to be
-used for HTTP client authentication (if required by the remote cluster)
-This setting requires that `reindex.ssl.key` also be set.
-You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.
-
-`reindex.ssl.key`::
-Specifies the path to the PEM encoded private key associated with the
-certificate used for client authentication (`reindex.ssl.certificate`).
-You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
-
-`reindex.ssl.key_passphrase`::
-Specifies the passphrase to decrypt the PEM encoded private key
-(`reindex.ssl.key`) if it is encrypted.
-deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
-Cannot be used with `reindex.ssl.secure_key_passphrase`.
-
-`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
-Specifies the passphrase to decrypt the PEM encoded private key
-(`reindex.ssl.key`) if it is encrypted.
-Cannot be used with `reindex.ssl.key_passphrase`.
-
-`reindex.ssl.keystore.path`::
-Specifies the path to the keystore that contains a private key and certificate
-to be used for HTTP client authentication (if required by the remote cluster).
-This keystore can be in "JKS" or "PKCS#12" format.
-You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
-
-`reindex.ssl.keystore.type`::
-The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
-If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
-to `PKCS12`. Otherwise, it defaults to `jks`.
-
-`reindex.ssl.keystore.password`::
-The password to the keystore (`reindex.ssl.keystore.path`).
-deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
-This setting cannot be used with `reindex.ssl.keystore.secure_password`.
-
-`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
-The password to the keystore (`reindex.ssl.keystore.path`).
-This setting cannot be used with `reindex.ssl.keystore.password`.
-
-`reindex.ssl.keystore.key_password`::
-The password for the key in the keystore (`reindex.ssl.keystore.path`).
-Defaults to the keystore password.
-deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
-This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
-
-`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
-The password for the key in the keystore (`reindex.ssl.keystore.path`).
-Defaults to the keystore password. This setting cannot be used with
-`reindex.ssl.keystore.key_password`.
+Refer to <<reindex-settings>>.
diff --git a/docs/reference/modules/indices/index_management.asciidoc b/docs/reference/modules/indices/index_management.asciidoc
index 5f7274b2271d0..7aea86bd5ac76 100644
--- a/docs/reference/modules/indices/index_management.asciidoc
+++ b/docs/reference/modules/indices/index_management.asciidoc
@@ -27,13 +27,6 @@ cannot close open indices. Defaults to `true`.
 +
 NOTE: Closed indices still consume a significant amount of disk space.
 
-[[reindex-remote-whitelist]]
-// tag::reindex-remote-whitelist[]
-`reindex.remote.whitelist` {ess-icon}::
-(<<static-cluster-setting,Static>>)
-Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
-// end::reindex-remote-whitelist[]
-
 [[stack-templates-enabled]]
 `stack.templates.enabled`::
 +
@@ -52,3 +45,101 @@ This setting also affects the following built-in component templates:
 
 include::{es-ref-dir}/indices/put-component-template.asciidoc[tag=built-in-component-templates]
 --
+
+
+[discrete]
+[[reindex-settings]]
+==== Reindex settings
+
+[[reindex-remote-whitelist]]
+// tag::reindex-remote-whitelist[]
+`reindex.remote.whitelist` {ess-icon}::
+(<<static-cluster-setting,Static>>)
+Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
+// end::reindex-remote-whitelist[]
+
+`reindex.ssl.certificate`::
+Specifies the path to the PEM encoded certificate (or certificate chain) to be
+used for HTTP client authentication (if required by the remote cluster)
+This setting requires that `reindex.ssl.key` also be set.
+You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.
+
+`reindex.ssl.certificate_authorities`::
+List of paths to PEM encoded certificate files that should be trusted.
+You cannot specify both `reindex.ssl.certificate_authorities` and
+`reindex.ssl.truststore.path`.
+
+`reindex.ssl.key`::
+Specifies the path to the PEM encoded private key associated with the
+certificate used for client authentication (`reindex.ssl.certificate`).
+You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
+
+`reindex.ssl.key_passphrase`::
+Specifies the passphrase to decrypt the PEM encoded private key
+(`reindex.ssl.key`) if it is encrypted.
+deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
+Cannot be used with `reindex.ssl.secure_key_passphrase`.
+
+`reindex.ssl.keystore.key_password`::
+The password for the key in the keystore (`reindex.ssl.keystore.path`).
+Defaults to the keystore password.
+deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
+This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
+
+`reindex.ssl.keystore.password`::
+The password to the keystore (`reindex.ssl.keystore.path`).
+deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
+This setting cannot be used with `reindex.ssl.keystore.secure_password`.
+
+`reindex.ssl.keystore.path`::
+Specifies the path to the keystore that contains a private key and certificate
+to be used for HTTP client authentication (if required by the remote cluster).
+This keystore can be in "JKS" or "PKCS#12" format.
+You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
+
+`reindex.ssl.keystore.type`::
+The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
+If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
+to `PKCS12`. Otherwise, it defaults to `jks`.
+
+`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
+Specifies the passphrase to decrypt the PEM encoded private key
+(`reindex.ssl.key`) if it is encrypted.
+Cannot be used with `reindex.ssl.key_passphrase`.
+
+`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
+The password for the key in the keystore (`reindex.ssl.keystore.path`).
+Defaults to the keystore password. This setting cannot be used with
+`reindex.ssl.keystore.key_password`.
+
+`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
+The password to the keystore (`reindex.ssl.keystore.path`).
+This setting cannot be used with `reindex.ssl.keystore.password`.
+
+`reindex.ssl.truststore.password`::
+The password to the truststore (`reindex.ssl.truststore.path`).
+deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
+This setting cannot be used with `reindex.ssl.truststore.secure_password`.
+
+`reindex.ssl.truststore.path`::
+The path to the Java Keystore file that contains the certificates to trust.
+This keystore can be in "JKS" or "PKCS#12" format.
+You cannot specify both `reindex.ssl.certificate_authorities` and
+`reindex.ssl.truststore.path`.
+
+`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
+The password to the truststore (`reindex.ssl.truststore.path`).
+This setting cannot be used with `reindex.ssl.truststore.password`.
+
+`reindex.ssl.truststore.type`::
+The type of the truststore (`reindex.ssl.truststore.path`).
+Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
+or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
+
+`reindex.ssl.verification_mode`::
+Indicates the type of verification to protect against man in the middle attacks
+and certificate forgery.
+One of `full` (verify the hostname and the certificate path), `certificate`
+(verify the certificate path, but not the hostname) or `none` (perform no
+verification - this is strongly discouraged in production environments).
+Defaults to `full`.
\ No newline at end of file