cli/reindex: destroy stashed session keys when --decrypt=false

[notmuch] / doc / man1 / notmuch-reindex.rst

diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 1ca10b6048f2d62fa1c77a1c8321e0bae305c203..e8174f3995f007025b71822a8a5b2307501edee7 100644 (file)
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -19,6 +19,28 @@ The **reindex** command searches for all messages matching the
 supplied search terms, and re-creates the full-text index on these
 messages using the supplied options.
 
 supplied search terms, and re-creates the full-text index on these
 messages using the supplied options.
 

+Supported options for **reindex** include
+
+    ``--decrypt=(true|auto|false)``
+
+        If ``true``, when encountering an encrypted message, try to
+        decrypt it while reindexing.  If ``auto``, and notmuch already
+        knows about a session key for the message, it will try
+        decrypting using that session key but will not try to access
+        the user's secret keys.  If decryption is successful, index
+        the cleartext itself.
+
+        If ``false``, notmuch reindex will also delete any stashed
+        session keys for all messages matching the search terms.
+
+        Be aware that the index is likely sufficient to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected. DO NOT USE
+        ``--decrypt=true`` without considering the security of your
+        index.
+
+        See also ``index.decrypt`` in **notmuch-config(1)**.
+

 SEE ALSO
 ========
 
 SEE ALSO
 ========