From 772e4265bda8668fe24b9aabb9ad29d3d0baf7bd Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@newdream.net>
Date: Tue, 2 Nov 2021 10:24:06 -0400
Subject: [PATCH] doc/cephadm/operations: document 'ceph orch daemon
 rotate-key'

Signed-off-by: Sage Weil <sage@newdream.net>
---
 doc/cephadm/operations.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/cephadm/operations.rst b/doc/cephadm/operations.rst
index 4d6f033f24c..5d8fdaca840 100644
--- a/doc/cephadm/operations.rst
+++ b/doc/cephadm/operations.rst
@@ -87,6 +87,21 @@ file but will not trigger a restart of the daemon.
    ceph orch daemon reconfig <name>
 
 
+Rotating a daemon's authenticate key
+------------------------------------
+
+All Ceph and gateway daemons in the cluster have a secret key that is used to connect
+to and authenticate with the cluster.  This key can be rotated (i.e., replaced with a
+new key) with the following command:
+
+.. prompt:: bash #
+
+   ceph orch daemon rotate-key <name>
+
+For MDS, OSD, and MGR daemons, this does not require a daemon restart.  For other
+daemons, however (e.g., RGW), the daemon may be restarted to switch to the new key.
+
+
 Ceph daemon logs
 ================