From 5bc751925d19c8b84ef12873bebba78ee61e605e Mon Sep 17 00:00:00 2001
From: "Jakob L. Kreuze" <zerodaysfordays@sdf.lonestar.org>
Date: Mon, 29 Jul 2019 18:36:01 -0400
Subject: doc: Add note about signing keys.

* doc/guix.texi (Invoking guix deploy): Add note explaining that
deployment targets must authorize the coordinator machine's signing key.
---
 doc/guix.texi | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'doc/guix.texi')

diff --git a/doc/guix.texi b/doc/guix.texi
index cb60d5c7b7..5d274e02fe 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25530,6 +25530,22 @@ complex deployment may involve, for example, starting virtual machines through
 a Virtual Private Server (VPS) provider.  In such a case, a different
 @var{environment} type would be used.
 
+Do note that you first need to generate a key pair on the coordinator machine
+to allow the daemon to export signed archives of files from the store
+(@pxref{Invoking guix archive}).
+
+@example
+# guix archive --generate-key
+@end example
+
+@noindent
+Each target machine must authorize the key of the master machine so that it
+accepts store items it receives from the coordinator:
+
+@example
+# guix archive --authorize < coordinator-public-key.txt
+@end example
+
 @deftp {Data Type} machine
 This is the data type representing a single machine in a heterogeneous Guix
 deployment.
-- 
cgit v1.2.3