From fb7a2cc4cc7f0b49cabeec08d4ceb2dd2350e945 Mon Sep 17 00:00:00 2001
From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>
Date: Wed, 3 Aug 2022 11:41:19 +0200
Subject: [PATCH] Update doc for setting `macaroon_secret_key` (#13443)

* Update doc for setting `macaroon_secret_key`

* newsfile
---
 changelog.d/13443.doc                            |  1 +
 docs/usage/configuration/config_documentation.md | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 changelog.d/13443.doc

diff --git a/changelog.d/13443.doc b/changelog.d/13443.doc
new file mode 100644
index 000000000..0db5d1b3b
--- /dev/null
+++ b/changelog.d/13443.doc
@@ -0,0 +1 @@
+Update documentation for config setting `macaroon_secret_key`.
\ No newline at end of file
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index 2e2e59195..3a9466a83 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -2495,9 +2495,13 @@ track_appservice_user_ips: true
 ---
 ### `macaroon_secret_key`
 
-A secret which is used to sign access tokens. If none is specified,
-the `registration_shared_secret` is used, if one is given; otherwise,
-a secret key is derived from the signing key.
+A secret which is used to sign
+- access token for guest users,
+- short-term login token used during SSO logins (OIDC or SAML2) and
+- token used for unsubscribing from email notifications.
+
+If none is specified, the `registration_shared_secret` is used, if one is given;
+otherwise, a secret key is derived from the signing key.
 
 Example configuration:
 ```yaml