cli/reindex: destroy stashed session keys when --decrypt=false

[notmuch] / doc / man1 / notmuch-reindex.rst

diff --git a/doc/man1/notmuch-reindex.rst b/doc/man1/notmuch-reindex.rst
index 21f6c7a91201a0ad77147ffa652d58712235883f..e8174f3995f007025b71822a8a5b2307501edee7 100644 (file)
--- a/doc/man1/notmuch-reindex.rst
+++ b/doc/man1/notmuch-reindex.rst
@@ -21,17 +21,25 @@ messages using the supplied options.
 
 Supported options for **reindex** include
 
-    ``--try-decrypt=(true|false)``
+    ``--decrypt=(true|auto|false)``
 
-        If true, when encountering an encrypted message, try to
-        decrypt it while reindexing.  If decryption is successful,
-        index the cleartext itself.  Be aware that the index is likely
-        sufficient to reconstruct the cleartext of the message itself,
-        so please ensure that the notmuch message index is adequately
-        protected. DO NOT USE ``--try-decrypt=true`` without
-        considering the security of your index.
+        If ``true``, when encountering an encrypted message, try to
+        decrypt it while reindexing.  If ``auto``, and notmuch already
+        knows about a session key for the message, it will try
+        decrypting using that session key but will not try to access
+        the user's secret keys.  If decryption is successful, index
+        the cleartext itself.
 
-        See also ``index.try_decrypt`` in **notmuch-config(1)**.
+        If ``false``, notmuch reindex will also delete any stashed
+        session keys for all messages matching the search terms.
+
+        Be aware that the index is likely sufficient to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected. DO NOT USE
+        ``--decrypt=true`` without considering the security of your
+        index.
+
+        See also ``index.decrypt`` in **notmuch-config(1)**.
 
 SEE ALSO
 ========