docs: add the new private-key-flags key to the documentation

canonical · Jun 30, 2023 · df190e1 · df190e1
1 parent 75f1570
commit df190e1
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/doc/netplan-yaml.md b/doc/netplan-yaml.md
@@ -2030,6 +2030,38 @@ consumer of that backend. Currently, this is only used with `NetworkManager`.
 
     > Defines the interface name for which this connection applies.
 
+  - **private-key-flags** (sequence of scalars) – since **0.107**
+
+    > Private key flags used by Network Manager. Possible values are:
+    > `agent-owned`, `not-saved` and `not-required`.
+    >
+    > `agent-owned`: a user-session secret agent is responsible for
+    > providing and storing this secret.
+    >
+    > `not-saved`: this secret should not be saved but should be
+    > requested from the user each time it is required.
+    >
+    > `not-required`: this flag hints that the secret is not required
+    > and should not be requested from the user.
+
+    Example:
+
+    ```yaml
+    network:
+      renderer: NetworkManager
+      tunnels:
+        wg0:
+          mode: wireguard
+          port: 5182
+          private-key-flags:
+            - agent-owned
+          peers:
+            - keys:
+                public: rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=
+              allowed-ips: [0.0.0.0/0, "2001:fe:ad:de:ad:be:ef:1/24"]
+              keepalive: 23
+              endpoint: 1.2.3.4:5
+      ```
   - **passthrough** (mapping) – since **0.102**
 
     > Can be used as a fallback mechanism to missing keyfile settings.