Document some missing configuration items

doc/spire_agent.md

@@ -71,12 +71,13 @@ This may be useful for templating configuration files, for example across differ
 | `workload_x509_svid_key_type` | The workload X509 SVID key type <rsa-2048|ec-p256> | ec-p256 |
 | `availability_target` | The minimum amount of time desired to gracefully handle SPIRE Server or Agent downtime. This configurable influences how aggressively X509 SVIDs should be rotated. If set, must be at least 24h. See [Availability Target](#availability-target) | |
 
-| experimental | Description | Default |
-|:---------------------------|------------------------------------------------------------------------------------|-------------------------|
-| `named_pipe_name` | Pipe name to bind the SPIRE Agent API named pipe (Windows only) | \spire-agent\public\api |
-| `sync_interval` | Sync interval with SPIRE server with exponential backoff | 5 sec |
-| `x509_svid_cache_max_size` | Soft limit of max number of SVIDs that would be stored in LRU cache (deprecated) | 1000 |
-| `disable_lru_cache` | Reverts back to use the SPIRE Agent non-LRU cache for storing SVIDs (deprecated) | false |
+| experimental | Description | Default |
+|:------------------------------|--------------------------------------------------------------------------------------|-------------------------|
+| `named_pipe_name` | Pipe name to bind the SPIRE Agent API named pipe (Windows only) | \spire-agent\public\api |
+| `sync_interval` | Sync interval with SPIRE server with exponential backoff | 5 sec |
+| `x509_svid_cache_max_size` | Soft limit of max number of SVIDs that would be stored in LRU cache (deprecated) | 1000 |
+| `disable_lru_cache` | Reverts back to use the SPIRE Agent non-LRU cache for storing SVIDs (deprecated) | false |
+| `use_sync_authorized_entries` | Use SyncAuthorizedEntries API for periodically synchronization of authorized entries | false |
 
 ### Initial trust bundle configuration
 

doc/spire_server.md

@@ -82,6 +82,7 @@ This may be useful for templating configuration files, for example across differ
 | `ratelimit` | Rate limiting configurations, usually used when the server is behind a load balancer (see below) | |
 | `socket_path` | Path to bind the SPIRE Server API socket to (Unix only) | /tmp/spire-server/private/api.sock |
 | `trust_domain` | The trust domain that this server belongs to (should be no more than 255 characters) | |
+| `use_legacy_downstream_x509_ca_ttl` | Use the downstream spire-server registration entry TTL as the downstream CA TTL. This is deprecated and will be removed in a future version. | true |
 
 | ca_subject | Description | Default |
 |:----------------------------|--------------------------------|----------------|
@@ -94,6 +95,7 @@ This may be useful for templating configuration files, for example across differ
 | `cache_reload_interval` | The amount of time between two reloads of the in-memory entry cache. Increasing this will mitigate high database load for extra large deployments, but will also slow propagation of new or updated entries to agents. | 5s |
 | `events_based_cache` | Use events to update the cache with what's changed since the last update. Enabling this will reduce overhead on the database. | false |
 | `prune_events_older_than`| How old an event can be before being deleted. Used with events based cache. Decreasing this will keep the events table smaller, but will increase risk of missing an event if connection to the database is down. | 12h |
+| `sql_transaction_timeout`| Maximum time an SQL transaction could take, used by the events based cache to determine when an event id is unlikely to be used anymore. | 24h |
 | `auth_opa_policy_engine` | The [auth opa_policy engine](/doc/authorization_policy_engine.md) used for authorization decisions | default SPIRE authorization policy |
 | `named_pipe_name` | Pipe name of the SPIRE Server API named pipe (Windows only) | \spire-server\private\api |