From 5c9f9b6057cd14dd36ae71c83235006620ceddec Mon Sep 17 00:00:00 2001
From: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:32:53 -0600
Subject: [PATCH] docs: add allow_empty_principals to ssh_secret_backend_role
 docs (#2376)

---
 website/docs/r/ssh_secret_backend_role.html.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/docs/r/ssh_secret_backend_role.html.md b/website/docs/r/ssh_secret_backend_role.html.md
index a8acf1067..f7330667f 100644
--- a/website/docs/r/ssh_secret_backend_role.html.md
+++ b/website/docs/r/ssh_secret_backend_role.html.md
@@ -98,6 +98,10 @@ The following arguments are supported:
 * `not_before_duration` - (Optional) Specifies the duration by which to backdate the ValidAfter property.
   Uses [duration format strings](https://developer.hashicorp.com/vault/docs/concepts/duration-format).
 
+* `allow_empty_principals` - (Optional) Allow signing certificates with no
+  valid principals (e.g. any valid principal). For backwards compatibility
+  only. The default of false is highly recommended.
+
 
 ### Allowed User Key Configuration
 * `type` - (Required) The SSH public key type.