diff --git a/awx/main/credential_plugins/tss.py b/awx/main/credential_plugins/tss.py
index 2c8ab6a18a..41ab72c28e 100644
--- a/awx/main/credential_plugins/tss.py
+++ b/awx/main/credential_plugins/tss.py
@@ -8,19 +8,19 @@ tss_inputs = {
         {
             'id': 'server_url',
             'label': _('Secret Server URL'),
-            'help_text': _(''),
+            'help_text': _('The Base URL of Secret Server e.g. https://myserver/SecretServer or https://mytenant.secretservercloud.com'),
             'type': 'string',
         },
         {
             'id': 'username',
             'label': _('Username'),
-            'help_text': _(''),
+            'help_text': _('The (Application) user username'),
             'type': 'string',
         },
         {
             'id': 'password',
             'label': _('Password'),
-            'help_text': _(''),
+            'help_text': _('The corresponding password'),
             'type': 'string',
             'secret': True,
         },
@@ -29,17 +29,17 @@ tss_inputs = {
         {
             'id': 'secret_id',
             'label': _('Secret ID'),
-            'help_text': _(''),
+            'help_text': _('The integer ID of the secret'),
             'type': 'int',
         },
     ],
     'required': ['server_url', 'username', 'password', 'secret_id'],
 }
 
-
-def tss_backend(**kwargs):
-    authorizer = PasswordGrantAuthorizer(kwargs['server_url'], kwargs['username'], kwargs['password'])
-    return SecretServer(authorizer).get_secret(kwargs['secret_id'])
-
-
-tss_plugin = CredentialPlugin('Thycotic Secret Server', inputs=tss_inputs, backend=tss_backend)
+tss_plugin = CredentialPlugin(
+    'Thycotic Secret Server',
+    tss_inputs,
+    lambda **kwargs: SecretServer(
+        PasswordGrantAuthorizer(**{k: v for (k, v) in kwargs.items() if k in [field['id'] for field in tss_inputs['fields']]})
+    ).get_secret(kwargs['secret_id']),
+)