[DOCS] key rejection is not mentioned in the guides when AES key rotation situations happens

[rawmind]

Description
Is not obvious that key rejection causes AES rotation for publications.

Suggested Fix

https://docs.saltproject.io/en/latest/topics/tutorials/intro_scale.html#too-many-minions-re-authing

The Salt Master generates a new AES key to encrypt its publications at certain events such as a Master restart or the removal of a Minion key. If you are encountering this problem of too many minions re-authing against the Master, you will need to recalibrate your setup to reduce the rate of events like a Master restart or Minion key removal (salt-key -d).

TO

The Salt Master generates a new AES key to encrypt its publications at certain events such as a Master restart or the removal/rejection of a Minion key. If you are encountering this problem of too many minions re-authing against the Master, you will need to recalibrate your setup to reduce the rate of events like a Master restart, Minion key removal (salt-key -d) or Minion key rejection (salt-key -r).

https://docs.saltproject.io/en/getstarted/system/communication.html in "ROTATING SECURITY KEYS"

A rotating AES key is used to encrypt jobs that are sent to the Salt minion by the Salt master, and to encrypt connections to the Salt master fileserver. A new key is generated and used each time the Salt master restarts and each time a Salt minion key is deleted using the salt-key command.

TO

A rotating AES key is used to encrypt jobs that are sent to the Salt minion by the Salt master, and to encrypt connections to the Salt master fileserver. A new key is generated and used each time the Salt master restarts and each time a Salt minion key is deleted/rejected using the salt-key command.

https://docs.saltproject.io/en/latest/ref/cli/salt-key.html

Add a huge warning and backlinking to performance guide for key removal/rejection sections

Type of documentation
Guides

Location or format of documentation
https://docs.saltproject.io/en/getstarted/system/communication.html
https://docs.saltproject.io/en/latest/topics/tutorials/intro_scale.html#too-many-minions-re-authing
https://docs.saltproject.io/en/latest/ref/cli/salt-key.html

Additional context

[shashwatpandeyvns]

Hi, I was trying to contribute to the project. Still, I couldn't be able to find the file location of "https://docs.saltproject.io/en/getstarted/system/communication.html": "ROTATING SECURITY KEYS", also could you please explain to me this one as well"Add a huge warning and backlinking to performance guide for key removal/rejection sections".

[rawmind]

@shashwatpandeyvns It would be nice to have a warning about performance consequences when a user wants to delete/reject the key. For instance, we can improve this doc https://docs.saltproject.io/en/latest/ref/cli/salt-key.html (I think it's https://github.com/saltstack/salt/blob/master/doc/man/salt-key.1 file) for every corresponding operation:

For example, we can change it

-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to match accepted keys in addition to pending keys). Globs are supported.

to

-r REJECT, --reject=REJECT
Reject the specified public key (use --include-all to match accepted keys in addition to pending keys). Globs are supported.
It may cause dramatic performance salt-msater degradation. See [performance guide](https://docs.saltproject.io/en/latest/topics/tutorials/intro_scale.html#too-many-minions-re-authing) for details

[rawmind]

@shashwatpandeyvns At a glance https://docs.saltproject.io/en/getstarted/system/communication.html source is here: https://github.com/saltstack/salt-get-started/blob/7d87b3323913e9b5191fee739d52894ac6ed3811/system/communication.md

[shashwatpandeyvns]

@rawmind Thank you so much for helping me out. I still have an issue with the "https://github.com/saltstack/salt/blob/master/doc/man/salt-key.1" source file, I couldn't able to understand how backlinks can be added. Please guide me.

[rawmind]

@shashwatpandeyvns it's not a source. See the header comment: .\" Man page generated from reStructuredText. It's a derivative from https://github.com/saltstack/salt/blob/master/doc/ref/cli/salt-key.rst

Please see the guide

[shashwatpandeyvns]

@rawmind Hi, I have created a pull request for this issue #63469. Please review and recommend changes if required.

[rawmind]

@shashwatpandeyvns could you link the PR?

[rawmind]

@shashwatpandeyvns just Also i'd like to note I'm not a part of salt project team I can't approve PRs. Maybe @barbaricyawps can do it?

[rawmind]

PR: #63610