adds redirects and merges settings

Author: ZPain8464

content/docs/reference/reference.json

@@ -1476,7 +1476,7 @@
   "signing-key": {
     "id": "signing-key",
     "title": "Signing Key",
-    "path": "/signing-key",
+    "path": "/signing-key-settings#signing-key",
     "description": "Signing Key is the key used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.",
     "services": [],
     "type": "string",
@@ -1485,7 +1485,7 @@
   "signing-key-file": {
     "id": "signing-key-file",
     "title": "Signing Key File",
-    "path": "/signing-key-file",
+    "path": "/signing-key-settings#signing-key-file",
     "description": "File path to a secret containing the signing key, used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.",
     "services": [],
     "type": "string",

content/docs/reference/signing-key-file.mdx

@@ -1,10 +1,11 @@
 ---
 # cSpell:ignore ecparam genkey noout QCN7adG2AmIK3UdHJvVJkldsUc6XeBRz83Z4rXX8Va4 ary66nrvA55TpaiWADq8b3O1CYIbvjqIHpXCY
 
-id: signing-key
-title: Signing Key
+id: signing-key-settings
+title: Signing Key Settings
+sidebar_label: Signing Key Settings
 description: |
-  Signing Key is one or more PEM-encoded private keys used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups. If multiple keys are provided only the first will be used for signing.
+  This page discusses the signing key settings Pomerium uses to sign the Pomerium JWT that's sent to upstream services to verify a user's identity.
 keywords:
   - reference
   - Signing Key
@@ -16,13 +17,13 @@ toc_max_heading_level: 2
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Signing Key
+# Signing Key Settings
 
-## Summary
+## Signing Key
 
 **Signing Key** is one or more PEM-encoded private keys used to sign a user's attestation JWT, which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
 
-## How to configure
+### How to configure
 
 <Tabs>
 <TabItem value="Core" label="Core">
@@ -104,3 +105,51 @@ To implement key rotation, follow a 3-step process:
 3. Remove the old key from the list.
 
 With sufficient time between the steps, this process should be resilient to caching of the JWKS endpoint by applications.
+
+## Signing Key File
+
+**Signing Key File** is the path to a file containing a [Signing Key](./signing-key).
+
+The signing key is the private key used to sign a user's attestation JWT, which can be consumed by upstream applications to pass along identifying user session information such as username, id, and groups.
+
+See [Signing Key](./signing-key) for more information.
+
+### How to configure
+
+<Tabs>
+<TabItem value="Core" label="Core">
+
+| **Config file keys** | **Environment variables** | **Type** | **Usage**    |
+| :------------------- | :------------------------ | :------- | :----------- |
+| `signing_key_file`   | `SIGNING_KEY_FILE`        | `string` | **optional** |
+
+### Examples
+
+Signing Key File is useful when deploying in environments that provide secret management like [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/).
+
+For example:
+
+```yaml
+signing_key_file: '/run/secrets/POMERIUM_SIGNING_KEY'
+```
+
+```bash
+SIGNING_KEY_FILE='/run/secrets/POMERIUM_SIGNING_KEY'
+```
+
+</TabItem>
+<TabItem value="Enterprise" label="Enterprise">
+
+`signing_key_file` is a bootstrap configuration setting and is not configurable in the Console.
+
+</TabItem>
+<TabItem value="Kubernetes" label="Kubernetes">
+
+| **Name**              | **Type** | **Usage**    |
+| :-------------------- | :------- | :----------- |
+| `secrets.signing_key` | `string` | **optional** |
+
+See Kubernetes [bootstrap secrets](/docs/k8s/reference#spec) for more information.
+
+</TabItem>
+</Tabs>

content/docs/reference/signing-key.mdx

@@ -462,6 +462,10 @@ https://0-20-0.docs.pomerium.com/category/guides https://0-20-0.docs.pomerium.co
 /docs/reference/x-forwarded-for-http-header /docs/reference/x-forwarded-for-settings#skip-xff-append
 /docs/reference/the-number-of-trusted-hops /docs/reference/x-forwarded-for-settings#xff-number-of-trusted-hops
 
+# Signing Key settings
+/docs/reference/signing-key /docs/reference/signing-key-settings#signing-key
+/docs/reference/signing-key-file /docs/reference/signing-key-settings#signing-key-file
+
 # Topics links - now concepts
 /docs/topics/auth-logs /docs/capabilities/audit-logs
 /docs/topics/single-sign-out.html /docs/capabilities/single-sign-out