From c7394285917bf8a879ea3a4eecff58c1462349c0 Mon Sep 17 00:00:00 2001 From: HuKeping Date: Wed, 27 Jan 2016 18:10:58 +0800 Subject: [PATCH] [PATCH 4/4] Add docs for notary mysql This patch add the recommendation to guide people deploying a more secure MySQL for notary. Signed-off-by: Hu Keping --- docs/notary-mysql.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/notary-mysql.md diff --git a/docs/notary-mysql.md b/docs/notary-mysql.md new file mode 100644 index 0000000000..b5d6c7e8ec --- /dev/null +++ b/docs/notary-mysql.md @@ -0,0 +1,23 @@ + + +# Notary MySQL + +The Notary MySQL is one of the backends for [Notary Server](notary-server.md) and +[Notary Signer](notary-signer.md). + +### Recommendation +For security, especially in production deployments, one should create users +with restricted permissions and separate databases for the `server` and +`signer` since the `signer` only needs the `private_keys` table, and the +`server` only needs `timestamp_keys` and `tuf_files`. + +We use such a setup in our compose file to provide people with more accurate +guidance in deploying their own instances.
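Review bot: The Recommendation paragraph in docs/notary-mysql.md tells readers to create users "with restricted permissions" but never says what those permissions are. It names the tables each service needs (`private_keys` for the `signer`; `timestamp_keys` and `tuf_files` for the `server`) without stating which privileges each user should hold on them, so a reader has to reverse-engineer the compose setup to act on it. Suggest spelling out the grants per user, or pointing to the file that creates the users and databases, and giving the path of the compose file in the closing sentence "We use such a setup in our compose file". Minor style point: the heading level jumps from `#` to `###`; `## Recommendation` followed by a blank line would match the spacing used after the title.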