From d2e9493397e1e1083a08bcf55813b543fd2d9037 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Mon, 4 Jan 2021 16:03:15 -0800
Subject: [PATCH 1/2] Add additional wording around LEMUR_ENCRYPTION_KEYS

---
 docs/administration.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/administration.rst b/docs/administration.rst
index bd0b5f96..c0bf006f 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -151,6 +151,14 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
         to start. Multiple keys can be provided to facilitate key rotation. The first key in the list is used for
         encryption and all keys are tried for decryption until one works. Each key must be 32 URL safe base-64 encoded bytes.
 
+        Only fields of type `Vault` will be encrypted. At present, only the following fields are encrypted:
+        * `certificates.private_key`
+        * `pending_certificates.private_key`
+        * `dns_providers.credentials`
+        * `roles.password`
+
+        For implementation details, see `Vault` in `utils.py`.
+
         Running lemur create_config will securely generate a key for your configuration file.
         If you would like to generate your own, we recommend the following method:
 

From 3bb5c323efb1667e5e4efa844a478343aca492a6 Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Mon, 4 Jan 2021 16:13:07 -0800
Subject: [PATCH 2/2] Fix formatting

---
 docs/administration.rst | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/docs/administration.rst b/docs/administration.rst
index c0bf006f..59611c0f 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -151,13 +151,14 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
         to start. Multiple keys can be provided to facilitate key rotation. The first key in the list is used for
         encryption and all keys are tried for decryption until one works. Each key must be 32 URL safe base-64 encoded bytes.
 
-        Only fields of type `Vault` will be encrypted. At present, only the following fields are encrypted:
-        * `certificates.private_key`
-        * `pending_certificates.private_key`
-        * `dns_providers.credentials`
-        * `roles.password`
+        Only fields of type ``Vault`` will be encrypted. At present, only the following fields are encrypted:
 
-        For implementation details, see `Vault` in `utils.py`.
+        * ``certificates.private_key``
+        * ``pending_certificates.private_key``
+        * ``dns_providers.credentials``
+        * ``roles.password``
+
+        For implementation details, see ``Vault`` in ``utils.py``.
 
         Running lemur create_config will securely generate a key for your configuration file.
         If you would like to generate your own, we recommend the following method: