From e4a008f9ee29485eeb021ed731f864fa44b1d98b Mon Sep 17 00:00:00 2001
From: Lisa Cawley <lcawley@elastic.co>
Date: Wed, 6 Sep 2017 08:13:59 -0700
Subject: [PATCH] [DOCS] Update passphrase security setting
 (elastic/x-pack-elasticsearch#2431)

Original commit: elastic/x-pack-elasticsearch@8834d64f10a27f307239594d87fa4cb11ee8fe33
---
 docs/en/settings/security-settings.asciidoc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/en/settings/security-settings.asciidoc b/docs/en/settings/security-settings.asciidoc
index ae5a8367bef..7a530c5d6ac 100644
--- a/docs/en/settings/security-settings.asciidoc
+++ b/docs/en/settings/security-settings.asciidoc
@@ -79,7 +79,9 @@ Set to `false` to disable the built-in token service. Defaults to `true` unless
 `xpack.security.authc.token.passphrase`::
 A secure passphrase that must be the same on each node and greater than
 8 characters in length. This passphrase is used to derive a cryptographic key
-with which the tokens will be encrypted and authenticated.
+with which the tokens will be encrypted and authenticated. If this setting is
+not used, the cluster automatically generates a key, which is the recommended
+method. 
 
 `xpack.security.authc.token.timeout`::
 The length of time that a token is valid for. By default this value is `20m` or