From c7df3732e3e90bb9b350b2a030b3ef8907aa586d Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 27 Apr 2021 22:04:35 -0400
Subject: [PATCH 1/2] Document Single SSSS.

---
 content/client-server-api/modules/secrets.md | 24 +++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/content/client-server-api/modules/secrets.md b/content/client-server-api/modules/secrets.md
index b4ae8c02..897ea196 100644
--- a/content/client-server-api/modules/secrets.md
+++ b/content/client-server-api/modules/secrets.md
@@ -42,7 +42,7 @@ passphrases](#deriving-keys-from-passphrases).
 
 | Parameter  | Type      | Description
 |------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------|
-| name       | string    | **Required.** The name of the key.                                                                                                  |
+| name       | string    | Optional. The name of the key. If not given, the client may use a generic name such as "Unnamed key", or "Default key" if the key is marked as the default key (see below). |
 | algorithm  | string    | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported.   |
 | passphrase | string    | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property.                   |
 
@@ -56,6 +56,18 @@ will be used to encrypt all secrets that the user would expect to be
 available on all their clients. Unless the user specifies otherwise,
 clients will try to use the default key to decrypt secrets.
 
+Clients that want to present a simplified interface to users by not supporting
+multiple keys should use the default key if one is specified. If not default
+key is specified, the client may behave as if there is no key is present at
+all. When such a client creates a key, it should mark that key as being the
+default key.
+
+`DefaultKey`
+
+| Parameter  | Type      | Description
+|------------|-----------|------------------------------------------|
+| key        | string    | **Required.** The ID of the default key. |
+
 ##### Secret storage
 
 Encrypted data is stored in the user's account\_data using the event
@@ -118,6 +130,16 @@ and the key descriptions for the keys would be:
 }
 ```
 
+If `key_id_1` is the default key, then we also have:
+
+`m.secret_storage.default_key`:
+
+```
+{
+  "key": "key_id_1"
+}
+```
+
 ###### `m.secret_storage.v1.aes-hmac-sha2`
 
 Secrets encrypted using the `m.secret_storage.v1.aes-hmac-sha2`

From 9852a0b8dbfdf855e0bdabfbfe0df1b50c70238b Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 27 Apr 2021 22:07:57 -0400
Subject: [PATCH 2/2] add changelog

---
 changelogs/client_server/newsfragments/3151.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelogs/client_server/newsfragments/3151.feature

diff --git a/changelogs/client_server/newsfragments/3151.feature b/changelogs/client_server/newsfragments/3151.feature
new file mode 100644
index 00000000..a6aa98e9
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3151.feature
@@ -0,0 +1 @@
+Document how clients can simplify usage of Secure Secret Storage ([MSC2874](https://github.com/uhoreg/matrix-doc/pull/new/single_ssss_spec)).