From 5b11d830610592991fa6110edd91bf4c928ee553 Mon Sep 17 00:00:00 2001
From: Alex van Poppelen <avanpo@google.com>
Date: Thu, 12 Dec 2024 13:51:14 -0800
Subject: [PATCH] Clarify the documentation surrounding authorized_key field.

---
 credentialz/credentialz.proto | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/credentialz/credentialz.proto b/credentialz/credentialz.proto
index b67721f..56c814d 100644
--- a/credentialz/credentialz.proto
+++ b/credentialz/credentialz.proto
@@ -442,18 +442,19 @@ enum KeyType {
   KEY_TYPE_ECDSA_P_384 = 7;
 }
 
-// AuthorizedKey is an ssh key/idenity. The basic openssh format follows:
-// ecdsa-sha2-nistp521 AAAkeystuffhere chuck@chuckfinley.org
-//   key_type         authorized_key    description
+// AuthorizedKey is an SSH key/idenity. The basic OpenSSH format follows:
+//   ecdsa-sha2-nistp521 AAAkeystuffhere chuck@chuckfinley.org
+//   key_type            authorized_key  description
 message AccountCredentials {
   message AuthorizedKey {
-    // authorized_key is a mandatory field, it is the string format ssh key
-    // stored as bytes in the message.
+    // Authorized key, in base64 string format (the second word of the OpenSSH
+    // format, i.e. `AAAkeystuffhere` in the above example). This field is
+    // mandatory.
     bytes authorized_key = 1;
     // Options specified for this authorized key.
     // Options are optional.
     repeated Option options = 2;
-    // Key encryption type, this is a mandatory field.
+    // Key algorithm, this is a mandatory field.
     KeyType key_type = 3;
     // An optional description of the key.
     string description = 4;