X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=blobdiff_plain;f=doc%2Fman1%2Fnotmuch-config.rst;h=773fd9da2cd735cbc38c5157c0ae158e3ded8012;hp=539199c20b385ddaf3efc8d687869f0845c8886f;hb=fccebbaeef1e4b6489425afb13f419543d53d285;hpb=886c0b1666478548485682fbcaa667bb3cc0f138

diff --git a/doc/man1/notmuch-config.rst b/doc/man1/notmuch-config.rst
index 539199c2..773fd9da 100644
--- a/doc/man1/notmuch-config.rst
+++ b/doc/man1/notmuch-config.rst
@@ -138,6 +138,33 @@ The available configuration items are described below.
 
         Default: ``gpg``.
 
+    **index.decrypt**
+
+        **[STORED IN DATABASE]**
+
+        One of ``false``, ``auto``, ``nostash``, or ``true``.
+
+        When indexing an encrypted e-mail message, if this variable is
+        set to ``true``, notmuch will try to decrypt the message and
+        index the cleartext, stashing a copy of any discovered session
+        keys for the message.  If ``auto``, it will try to index the
+        cleartext if a stashed session key is already known for the message
+        (e.g. from a previous copy), but will not try to access your
+        secret keys.  Use ``false`` to avoid decrypting even when a
+        stashed session key is already present.
+
+        ``nostash`` is the same as ``true`` except that it will not
+        stash newly-discovered session keys in the database.
+
+        Be aware that the notmuch index is likely sufficient (and a
+        stashed session key is certainly sufficient) to reconstruct
+        the cleartext of the message itself, so please ensure that the
+        notmuch message index is adequately protected.  DO NOT USE
+        ``index.decrypt=true`` or ``index.decrypt=nostash`` without
+        considering the security of your index.
+
+        Default: ``auto``.
+
     **built_with.<name>**
 
         Compile time feature <name>. Current possibilities include