crypto: add --decrypt=nostash to avoid stashing session keys

[notmuch] / doc / man1 / notmuch-reindex.rst

diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 477908713e89885f509c6ece7ec0ae15d5438cd5..8b3083cf41e97535a4e397ba4677078b8e2c71ad 100644 (file)
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -21,23 +21,27 @@ messages using the supplied options.
 
 Supported options for **reindex** include
 
-    ``--decrypt=(true|auto|false)``
+    ``--decrypt=(true|nostash|auto|false)``
 
         If ``true``, when encountering an encrypted message, try to
-        decrypt it while reindexing, storing any session keys
+        decrypt it while reindexing, stashing any session keys
         discovered.  If ``auto``, and notmuch already knows about a
         session key for the message, it will try decrypting using that
         session key but will not try to access the user's secret keys.
         If decryption is successful, index the cleartext itself.
 
+        ``nostash`` is the same as ``true`` except that it will not
+        stash newly-discovered session keys in the database.
+
         If ``false``, notmuch reindex will also delete any stashed
         session keys for all messages matching the search terms.
 
-        Be aware that the index is likely sufficient to reconstruct
-        the cleartext of the message itself, so please ensure that the
+        Be aware that the index is likely sufficient (and a stashed
+        session key is certainly sufficient) to reconstruct the
+        cleartext of the message itself, so please ensure that the
         notmuch message index is adequately protected. DO NOT USE
-        ``--decrypt=true`` without considering the security of your
-        index.
+        ``--decrypt=true`` or ``--decrypt=nostash`` without
+        considering the security of your index.
 
         See also ``index.decrypt`` in **notmuch-config(1)**.