crypto: add --decrypt=nostash to avoid stashing session keys

[notmuch] / doc / man1 / notmuch-insert.rst

diff --git a/doc/man1/notmuch-insert.rst b/doc/man1/notmuch-insert.rst
index 214f261ba6b00f95a3eb036f535c9ca992978708..1a3dfe98299ae21b6501de65cad97ef9f91a18bb 100644 (file)
--- a/doc/man1/notmuch-insert.rst
+++ b/doc/man1/notmuch-insert.rst
@@ -51,10 +51,10 @@ Supported options for **insert** include
     ``--no-hooks``
         Prevent hooks from being run.
 
-    ``--decrypt=(true|auto|false)``
+    ``--decrypt=(true|nostash|auto|false)``
 
         If ``true`` and the message is encrypted, try to decrypt the
-        message while indexing, storing any session keys discovered.
+        message while indexing, stashing any session keys discovered.
         If ``auto``, and notmuch already knows about a session key for
         the message, it will try decrypting using that session key but
         will not try to access the user's secret keys.  If decryption
@@ -62,11 +62,15 @@ Supported options for **insert** include
         message is always stored to disk in its original form
         (ciphertext).
 
-        Be aware that the index is likely sufficient to reconstruct
-        the cleartext of the message itself, so please ensure that the
+        ``nostash`` is the same as ``true`` except that it will not
+        stash newly-discovered session keys in the database.
+
+        Be aware that the index is likely sufficient (and a stashed
+        session key is certainly sufficient) to reconstruct the
+        cleartext of the message itself, so please ensure that the
         notmuch message index is adequately protected. DO NOT USE
-        ``--decrypt=true`` without considering the security of
-        your index.
+        ``--decrypt=true`` or ``--decrypt=nostash`` without
+        considering the security of your index.
 
         See also ``index.decrypt`` in **notmuch-config(1)**.