From ca37ada9e25ace41b6475c0cf0d90ff581ce2c41 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 27 Apr 2021 22:04:35 -0400
Subject: [PATCH 1/2] Document Single SSSS.

---
 content/client-server-api/modules/secrets.md | 24 +++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/content/client-server-api/modules/secrets.md b/content/client-server-api/modules/secrets.md
index b4ae8c027..897ea1964 100644
--- a/content/client-server-api/modules/secrets.md
+++ b/content/client-server-api/modules/secrets.md
@@ -42,7 +42,7 @@ passphrases](#deriving-keys-from-passphrases).
 
 | Parameter  | Type      | Description
 |------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------|
-| name       | string    | **Required.** The name of the key.                                                                                                  |
+| name       | string    | Optional. The name of the key. If not given, the client may use a generic name such as "Unnamed key", or "Default key" if the key is marked as the default key (see below). |
 | algorithm  | string    | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported.   |
 | passphrase | string    | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property.                   |
 
@@ -56,6 +56,18 @@ will be used to encrypt all secrets that the user would expect to be
 available on all their clients. Unless the user specifies otherwise,
 clients will try to use the default key to decrypt secrets.
 
+Clients that want to present a simplified interface to users by not supporting
+multiple keys should use the default key if one is specified. If not default
+key is specified, the client may behave as if there is no key is present at
+all. When such a client creates a key, it should mark that key as being the
+default key.
+
+`DefaultKey`
+
+| Parameter  | Type      | Description
+|------------|-----------|------------------------------------------|
+| key        | string    | **Required.** The ID of the default key. |
+
 ##### Secret storage
 
 Encrypted data is stored in the user's account\_data using the event
@@ -118,6 +130,16 @@ and the key descriptions for the keys would be:
 }
 ```
 
+If `key_id_1` is the default key, then we also have:
+
+`m.secret_storage.default_key`:
+
+```
+{
+  "key": "key_id_1"
+}
+```
+
 ###### `m.secret_storage.v1.aes-hmac-sha2`
 
 Secrets encrypted using the `m.secret_storage.v1.aes-hmac-sha2`

From b2cb2a3c20102ec646d54017ee8376b905cbcc13 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 27 Apr 2021 22:07:57 -0400
Subject: [PATCH 2/2] add changelog

---
 changelogs/client_server/newsfragments/3151.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelogs/client_server/newsfragments/3151.feature

diff --git a/changelogs/client_server/newsfragments/3151.feature b/changelogs/client_server/newsfragments/3151.feature
new file mode 100644
index 000000000..a6aa98e9f
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3151.feature
@@ -0,0 +1 @@
+Document how clients can simplify usage of Secure Secret Storage ([MSC2874](https://github.com/uhoreg/matrix-doc/pull/new/single_ssss_spec)).