From c16384d2f39cf26d6e3926b7d7e0942ce63c5eca Mon Sep 17 00:00:00 2001
From: "Kai A. Hiller" <git@kaialexhiller.de>
Date: Mon, 21 Jul 2025 18:10:14 +0200
Subject: [PATCH] docs: Remove requirement for arbitrary KIDs

---
 docs/reference/configuration.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md
index 4dad3d6a0..b3b6f6f31 100644
--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@@ -257,8 +257,10 @@ The following key types are supported:
 - ECDSA with the P-384 (`secp384r1`) curve
 - ECDSA with the K-256 (`secp256k1`) curve
 
-Each entry must have a unique (and arbitrary) `kid`, plus the key itself.
-The key can either be specified inline (with the `key` property), or loaded from a file (with the `key_file` property).
+Each entry must have a unique `kid`, plus the key itself. The `kid` can be any
+case-sensitive string value as long as it is unique to this list; `kid` values
+must not be stable across restarts. The key can either be specified inline (with
+the `key` property), or loaded from a file (with the `key_file` property).
 The following key formats are supported:
 
 - PKCS#1 PEM or DER-encoded RSA private key