From 20124afcd306e6920586075952cb1c98f7d4abaa Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <ace@haxalot.com>
Date: Thu, 27 Jan 2022 11:34:52 +0100
Subject: [PATCH] matrix-synapse: Update signing key documentation

As an alternative to !32
---
 charts/matrix-synapse/values.yaml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml
index 4d2162d..14ac08a 100644
--- a/charts/matrix-synapse/values.yaml
+++ b/charts/matrix-synapse/values.yaml
@@ -37,6 +37,12 @@ image:
 signingkey:
   ## Enable a Kubernetes job to generate and store a signing key if one does not
   ## exist.
+  ## If you have already run a Matrix server at some point on your domain then
+  ## you will want to keep the old signing key, either by using the `existingSecret`
+  ## configuration, or by including the old key under `extraConfig.old_signing_keys`
+  ##
+  ## If you lose your signing key then any federation traffic from your instance
+  ## might not be trusted any more by the wider network.
   ##
   job:
     enabled: true
@@ -53,7 +59,7 @@ signingkey:
 
   ## Specify an existing signing key secret, will need to be created in advance.
   ##
-  # existingSecret:
+  # existingSecret: secret-name
   # existingSecretKey: signing.key
 
   ## Resources to apply to the signing key generation job
@@ -127,6 +133,8 @@ config:
 ## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml
 ##
 extraConfig: {}
+#  old_signing_keys:
+#    "ed25519:id": { key: "base64string", expired_ts: 123456789123 } 
 #  use_presence: false
 #  enable_search: false
 #  federation_domain_whitelist: