From 5ca242018de10ac12916808938b3c80a3323eaaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 14 May 2025 23:16:59 +0200
Subject: [PATCH] doc/rl-next: add multiple-signatures

---
 doc/manual/rl-next/multiple-signatures.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 doc/manual/rl-next/multiple-signatures.md

diff --git a/doc/manual/rl-next/multiple-signatures.md b/doc/manual/rl-next/multiple-signatures.md
new file mode 100644
index 000000000..4493f4262
--- /dev/null
+++ b/doc/manual/rl-next/multiple-signatures.md
@@ -0,0 +1,15 @@
+---
+synopsis: "Multiple signatures support in store urls"
+issues:
+prs: [12976]
+---
+
+Added support for a `secretKeyFiles` URI parameter in Nix store URIs, allowing multiple signing key files to be specified as a comma-separated list.
+This enables signing paths with multiple keys. This helps with [RFC #149](https://github.com/NixOS/rfcs/pull/149) to enable binary cache key rotation in the NixOS infra.
+
+Example usage:
+
+```bash
+nix copy --to "file:///tmp/store?secret-keys=/tmp/key1,/tmp/key2" \
+  "$(nix build --print-out-paths nixpkgs#hello)"
+```