diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
index f55cc10493..c5b4ff510e 100644
--- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
+++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
@@ -40,9 +40,13 @@ che.workspace.projects.storage.default.size=1Gi
 # This is to ensure that agent developers can use this directory to back up agent logs.
 che.workspace.logs.root_dir=/workspace_logs
 
-# Configures proxies used by runtimes powering workspaces.
+# Configures environment variable HTTP_PROXY to a specified value in containers powering workspaces.
 che.workspace.http_proxy=
+
+# Configures environment variable HTTPS_PROXY to a specified value in containers powering workspaces.
 che.workspace.https_proxy=
+
+# Configures environment variable NO_PROXY to a specified value in containers powering workspaces.
 che.workspace.no_proxy=
 
 # By default, when users access a workspace with its URL, the workspace
@@ -100,16 +104,22 @@ che.workspace.default_cpu_limit_cores=-1
 # Value less or equal to 0 is interpreted as disabling the limit.
 che.workspace.default_cpu_request_cores=-1
 
-# RAM limit and request for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
+# RAM limit for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
 # Value less or equal to 0 is interpreted as disabling the limit.
 che.workspace.sidecar.default_memory_limit_mb=128
+
+# RAM request for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
 che.workspace.sidecar.default_memory_request_mb=64
 
-# CPU limit and request default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
+# CPU limit default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
 # Specify either in floating point cores number, for example, `0.125`,
 # or using the Kubernetes format, integer millicores, for example, `125m`.
 # Value less or equal to 0 is interpreted as disabling the limit.
 che.workspace.sidecar.default_cpu_limit_cores=-1
+
+# CPU request default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
+# Specify either in floating point cores number, for example, `0.125`,
+# or using the Kubernetes format, integer millicores, for example, `125m`.
 che.workspace.sidecar.default_cpu_request_cores=-1
 
 # Defines image-pulling strategy for sidecars. Possible values are: `Always`,
@@ -135,10 +145,15 @@ che.workspace.activity_cleanup_scheduler_initial_delay_s=60
 # inactivity timeout.
 che.workspace.activity_check_scheduler_delay_s=180
 
-# Period of stopped temporary workspaces cleanup job execution.
+
+# Time period to delay the first execution of temporary workspaces cleanup job.
 che.workspace.cleanup_temporary_initial_delay_min=5
+
+# Time period delay between the termination of one execution and the commencement
+# of the next execution of temporary workspaces cleanup job
 che.workspace.cleanup_temporary_period_min=180
 
+
 # Number of sequential successful pings to server after which it is treated as available.
 # Note: the property is common for all servers e.g. workspace agent, terminal, exec etc.
 che.workspace.server.ping_success_threshold=1
@@ -176,18 +191,33 @@ che.auth.access_denied_error_page=/error-oauth
 # Reserved user names
 che.auth.reserved_user_names=
 
+# Configuration of GitHub OAuth client.
 # You can setup GitHub OAuth to automate authentication to remote repositories.
 # You need to first register this application with GitHub OAuth.
+# GitHub OAuth client ID.
 che.oauth.github.clientid=NULL
+
+# GitHub OAuth client secret.
 che.oauth.github.clientsecret=NULL
+
+# GitHub OAuth authorization URI.
 che.oauth.github.authuri= https://github.com/login/oauth/authorize
+
+# GitHub OAuth token URI.
 che.oauth.github.tokenuri= https://github.com/login/oauth/access_token
+
+# GitHub OAuth redirect URIs.
+# Separate multiple values with comma, for example: URI,URI,URI
 che.oauth.github.redirecturis= http://localhost:${CHE_PORT}/api/oauth/callback
 
 # Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token.
+# OpenShift OAuth client ID.
 che.oauth.openshift.clientid=NULL
+# OpenShift OAuth client secret.
 che.oauth.openshift.clientsecret=NULL
+# OpenShift OAuth endpoint.
 che.oauth.openshift.oauth_endpoint= NULL
+# OpenShift OAuth verification token URL.
 che.oauth.openshift.verify_token_url= NULL
 
 # Configuration of Bitbucket Server OAuth1 client. Used to obtain Personal access tokens.
@@ -208,18 +238,32 @@ che.oauth1.bitbucket.endpoint=NULL
 schedule.core_pool_size=10
 
 # DB initialization and migration configuration
+# If true, ignore scripts up to the version configured by baseline.version.
 db.schema.flyway.baseline.enabled=true
+
+# Scripts with version up to this are ignored.
+# Note that scripts with version equal to baseline version are also ignored.
 db.schema.flyway.baseline.version=5.0.0.8.1
+
+# Prefix of migration scripts.
 db.schema.flyway.scripts.prefix=
+
+# Suffix of migration scripts.
 db.schema.flyway.scripts.suffix=.sql
+
+# Separator of version from the other part of script name.
 db.schema.flyway.scripts.version_separator=__
+
+# Locations where to search migration scripts.
 db.schema.flyway.scripts.locations=classpath:che-schema
 
 ### Kubernetes Infra parameters
 
-# Configuration of Kubernetes client that Infra will use
+# Configuration of Kubernetes client master URL that Infra will use.
 che.infra.kubernetes.master_url=
-che.infra.kubernetes.trust_certs=
+
+# Boolean to configure Kubernetes client in order to use trusted certificates.
+che.infra.kubernetes.trust_certs=false
 
 # Defines the way how servers are exposed to the world in k8s infra.
 # List of strategies implemented in Che: default-host, multi-host, single-host
@@ -391,7 +435,10 @@ che.infra.kubernetes.pvc.wait_bound=true
 #
 # By default, installer will use own port, but if it conflicts with another installer servers
 # then OpenShift infrastructure will reconfigure installer to use first available from this range
+# Unused, will be removed.
 che.infra.kubernetes.installer_server_min_port=10000
+
+# Unused, will be removed.
 che.infra.kubernetes.installer_server_max_port=20000
 
 # Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress
@@ -433,10 +480,14 @@ che.infra.kubernetes.ingress.path_transform=NULL
 # to allow clear identification.
 che.infra.kubernetes.ingress.labels=NULL
 
-# Defines security context for pods that will be created by Kubernetes Infra
-#
+# Defines security context for pods that will be created by Kubernetes Infra.
+# Specifies that for any Containers in the Pod, all processes run with given user ID.
 # This is ignored by OpenShift infra
 che.infra.kubernetes.pod.security_context.run_as_user=NULL
+
+# Defines security context for pods that will be created by Kubernetes Infra.
+# A special supplemental group that applies to all containers in a pod.
+# This is ignored by OpenShift infra.
 che.infra.kubernetes.pod.security_context.fs_group=NULL
 
 # Defines grace termination period for pods that will be created by Kubernetes / OpenShift infrastructures
@@ -446,15 +497,13 @@ che.infra.kubernetes.pod.security_context.fs_group=NULL
 # Note: if `terminationGracePeriodSeconds` have been explicitly set in Kubernetes / OpenShift recipe it will not be overridden.
 che.infra.kubernetes.pod.termination_grace_period_sec=0
 
-# Number of maximum concurrent async web requests
-# (http requests or ongoing  web socket calls)
-# supported in the underlying shared http client
-# of the `KubernetesClient` instances.
-# Default values are 64, and 5 per-host, which
-# doesn't seem correct for multi-user scenarios
-# knowing that Che keeps a number of connections
-# opened (e.g. for command or ws-agent logs)
+# Number of maximum concurrent async web requests (http requests or ongoing  web socket calls)
+# supported in the underlying shared http client of the `KubernetesClient` instances.
+# Default values are 64, and 5 per-host, which doesn't seem correct for multi-user scenarios,
+# knowing that Che keeps a number of connections opened (e.g. for command or ws-agent logs)
 che.infra.kubernetes.client.http.async_requests.max=1000
+
+# Number of maximum concurrent async web requests per host.
 che.infra.kubernetes.client.http.async_requests.max_per_host=1000
 
 # Max number of idle connections in the connection pool
@@ -474,10 +523,14 @@ che.infra.kubernetes.tls_enabled=false
 # Ignored by OpenShift infrastructure
 che.infra.kubernetes.tls_secret=
 
-# Data for TLS Secret that should be used for workspaces Ingresses
-# cert and key should be encoded with Base64 algorithm
-# These properties are ignored by OpenShift infrastructure
+# Key data for TLS Secret that should be used for workspaces Ingresses.
+# Key should be encoded with Base64 algorithm.
+# This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.tls_key=NULL
+
+# Certificate data for TLS Secret that should be used for workspaces Ingresses.
+# Certificate should be encoded with Base64 algorithm.
+# This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.tls_cert=NULL
 
 # Defines the period with which runtimes consistency checks will be performed.
@@ -507,7 +560,6 @@ che.infra.kubernetes.trusted_ca.src_configmap=NULL
 # Do not change the config map name unless it conflicts with the already existing config map.
 # Note that the resulting config map name can be adjusted eventually to make it unique in k8s namespace.
 # The original name would be stored in `che.original_name` label.
-
 che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs
 
 # Configures path on workspace containers where the CA bundle should be mount.
@@ -554,12 +606,17 @@ che.infra.openshift.route.host.domain_suffix=NULL
 
 # Next properties are subject to changes and removal, so do not rely on them in a stable Che assembly
 
-# Docker image of Che plugin broker app that resolves workspace tooling configuration and copies
-# plugins dependencies to a workspace
-#
-# Note these images are overridden by the Che Operator by default; changing the images here will not
+# Docker image of plugin metadata broker.
+# This broker must be run prior to starting the workspaces pod, as its job is to provision required containers,
+# volumes, and environment variables for the workspace to be able to start with the installed plugins enabled.
+# Note this image is overridden by the Che Operator by default; changing the image here will not
 # have an effect if Che is installed via Operator.
 che.workspace.plugin_broker.metadata.image=quay.io/eclipse/che-plugin-metadata-broker:v3.4.0
+
+# Docker image of Che plugin artifacts broker.
+# This broker runs as an init container on the workspace pod. Its job is to take in a list of plugin identifiers
+# (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix
+# and .theia extenions are downloaded into the /plugins directory, for each plugin requested for the workspace.
 che.workspace.plugin_broker.artifacts.image=quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0
 
 # Configures the default behavior of the plugin brokers when provisioning plugins into a workspace.
@@ -625,14 +682,28 @@ che.workspace.storage.preferred_type=persistent
 #       So, servers will receive only authenticated ones.
 che.server.secure_exposer=jwtproxy
 
-# Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to.
+# JWTProxy issuer string.
 che.server.secure_exposer.jwtproxy.token.issuer=wsmaster
+
+# JWTProxy issuer token lifetime.
 che.server.secure_exposer.jwtproxy.token.ttl=8800h
+
+# Optional authentication page path to route unsigned requests to.
 che.server.secure_exposer.jwtproxy.auth.loader.path=/_app/loader.html
+
+# JWTProxy image.
 che.server.secure_exposer.jwtproxy.image=quay.io/eclipse/che-jwtproxy:0.10.0
+
+# JWTProxy memory request.
 che.server.secure_exposer.jwtproxy.memory_request=15mb
+
+# JWTProxy memory limit.
 che.server.secure_exposer.jwtproxy.memory_limit=128mb
+
+# JWTProxy CPU request.
 che.server.secure_exposer.jwtproxy.cpu_request=0.03
+
+# JWTProxy CPU limit.
 che.server.secure_exposer.jwtproxy.cpu_limit=0.5
 
 ### Configuration of major "/websocket" endpoint
@@ -664,11 +735,14 @@ che.cors.allow_credentials=false
 
 ### Factory defaults
 
-# Editor and plugin which will be used for factories which are created from remote git repository
-# which doesn't contain any Che-specific workspace descriptor
+# Editor that will be used for factories which are created from remote git repository
+# which doesn't contain any Che-specific workspace descriptor.
+che.factory.default_editor=eclipse/che-theia/next
+
+# Plugins that will be used for factories which are created from remote git repository
+# which doesn't contain any Che-specific workspace descriptor.
 # Multiple plugins must be comma-separated, for example:
 # pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion
-che.factory.default_editor=eclipse/che-theia/next
 che.factory.default_plugins=eclipse/che-machine-exec-plugin/nightly
 
 # Devfile filenames to look on repository-based factories (like GitHub etc).
diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties
index 0f1f135a6a..2d0493dfcd 100644
--- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties
+++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties
@@ -88,17 +88,28 @@ che.mail.from_email_address=che@noreply.com
 
 ### Organizations notifications settings
 
-# Organization notifications sunjects and templates
+# `You've been added to a Che Organization` organization notification subject.
 che.organization.email.member_added_subject=You've been added to a Che Organization
+
+# `You've been added to a Che Organization` organization notification template.
 che.organization.email.member_added_template=st-html-templates/user_added_to_organization
 
+# `You've been removed from a Che Organization` organization notification subject.
 che.organization.email.member_removed_subject=You've been removed from a Che Organization
+
+# `You've been removed from a Che Organization` organization notification template.
 che.organization.email.member_removed_template=st-html-templates/user_removed_from_organization
 
+# `Che Organization deleted` organization notification subject.
 che.organization.email.org_removed_subject=Che Organization deleted
+
+# `Che Organization deleted` organization notification template.
 che.organization.email.org_removed_template=st-html-templates/organization_deleted
 
+# `Che Organization renamed` organization notification subject.
 che.organization.email.org_renamed_subject=Che Organization renamed
+
+# `Che Organization renamed` organization notification template.
 che.organization.email.org_renamed_template=st-html-templates/organization_renamed
 
 ### Multi-user-specific OpenShift infrastructure configuration