add documentation

docs/modules/secret-operator/examples/secretclass-tls-key-length.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: secrets.stackable.tech/v1alpha1
+kind: SecretClass
+metadata:
+  name: tls
+spec:
+  backend:
+    autoTls:
+      ca:
+        secret:
+          name: secret-provisioner-tls-ca
+          namespace: default
+        keyGeneration: # <1>
+          rsa: # <2>
+            length: 4096 # <3>

docs/modules/secret-operator/pages/secretclass.adoc

@@ -38,6 +38,21 @@ CAUTION: Attributes of the certificate (such as the expiration date, fingerprint
 
 xref:scope.adoc[Scopes] are used to populate the claims (such as `subjectAlternateName`) of the provisioned certificates.
 
+[#backend-tls-key-length]
+=== `TLS key length`
+
+Currently, only RSA is supported in the `autoTls` backend. You can however configure the key length for generated private keys or certs.
+
+----
+include::example$secretclass-tls-key-length.yaml[]
+----
+<1> `autoTls.ca.keyGeneration` specifies which algorithm and additional parameters are used
+<2> `autoTls.ca.keyGeneration.rsa` specifies the RSA algorithm
+<3> `autoTls.ca.keyGeneration.rsa.length` specifies the amount of bits used for key or certs. Currently `2048`, `4096` and `8192` are supported.
+
+CAUTION: Using a key length higher than `2048` will significantly increase the computation time. If options higher than `2048` are choosen, the CPU 
+         resources for the secret operator should be increased in order to avoid pods waiting for the computation of their key.
+
 ==== Certificate lifetime
 
 By default the Secret Operator will generally aim to use as short-lived certificates as possible.