From 47dca14a37f9970f9c34b1210651eabaf46fba04 Mon Sep 17 00:00:00 2001
From: Rob Thomas <xrobau@gmail.com>
Date: Mon, 8 Oct 2018 12:03:59 +1000
Subject: Document 'options' param of ssh_authorized_key

I ended up having to trawl through the source code to figure out how to do this, so
I'm sure that someone ELSE would like to save their time by having it documented!
---
 REFERENCE.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index b72e9ee..6f80106 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -92,7 +92,17 @@ Default value: absent
 ##### `options`
 
 Key options; see sshd(8) for possible values. Multiple values
-should be specified as an array.
+should be specified as an array. For example, you could use the
+following to install a SSH CA that allows someone with the
+'superuser' principal to log in as root
+
+    ssh_authorized_key { 'Company SSH CA':
+      ensure  => present,
+      user    => 'root',
+      type    => 'ssh-ed25519',
+      key     => 'AAAAC3NzaC[...]CeA5kG',
+      options => [ 'cert-authority', 'principals="superuser"' ],
+    }
 
 #### Parameters
 
-- 
cgit v1.2.3