about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-11-20T17·51+0100
committerEelco Dolstra <edolstra@gmail.com>2017-11-20T17·51+0100
commit8df60b4ea8fab5fd3571e55de95a4b956f0f6105 (patch)
tree198953a29f0d0ac7e4cdc2e2cd74a918e4faa6be
parent4cde04f476fa0f61680f8e53fe81cc70923689fc (diff)
Document secret-key-files
-rw-r--r--doc/manual/command-ref/conf-file.xml19
1 files changed, 16 insertions, 3 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index c3a9cc56063a..868cca1da409 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -408,9 +408,9 @@ false</literal>.</para>
     any non-content-addressed path added or copied to the Nix store
     (e.g. when substituting from a binary cache) must have a valid
     signature, that is, be signed using one of the keys listed in
-    <option>trusted-public-keys</option>. Set to
-    <literal>false</literal> to disable signature
-    checking.</para></listitem>
+    <option>trusted-public-keys</option> or
+    <option>secret-key-files</option>. Set to <literal>false</literal>
+    to disable signature checking.</para></listitem>
 
   </varlistentry>
 
@@ -426,6 +426,19 @@ false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry><term><literal>secret-key-files</literal></term>
+
+    <listitem><para>A whitespace-separated list of files containing
+    secret (private) keys. These are used to sign locally-built
+    paths. They can be generated using <command>nix-store
+    --generate-binary-cache-key</command>. The corresponding public
+    key can be distributed to other users, who can add it to
+    <option>trusted-public-keys</option> in their
+    <filename>nix.conf</filename>.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>http-connections</literal></term>
 
     <listitem><para>The maximum number of parallel TCP connections