From 58ccb4c08006d1cf2a3f349e592019d2d3e5deca Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Fri, 8 Apr 2022 18:26:13 +0300
Subject: docs: document user_ca_pubkey

Sponsored-by: author
---
 README.md   | 2 ++
 tutorial.md | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 14a00fb..b9fd6db 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,8 @@ Explanation:
   - the `user_pub` variable contains an SSH public key that gets
     installed into the `root` user `authorized_keys` file on the
     installed system by the standard playbook
+  - the `user_ca_pubkey` variable contains public key for an SSH CA
+    whose user certificates are to be trusted
 
 With all this configuration in a file, which you can keep in git, you
 can install a base system repeatedly to a specific computer, and do it
diff --git a/tutorial.md b/tutorial.md
index e9bbee2..5e3d6ed 100644
--- a/tutorial.md
+++ b/tutorial.md
@@ -88,6 +88,8 @@ The steps:
     ansible_vars:
       user_pub: |
        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+      user_ca_pubkey: |
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1
     extra_lvs:
       - name: vms
         size: 1T
-- 
cgit v1.2.1