diff --git a/docs/index.rst b/docs/index.rst
index 58074d19..ab6cb80b 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -20,6 +20,7 @@ For further information, please check out the `postmarketOS-wiki`_.
    usage
    chroot
    debugging
+   ssh-keys
    api/modules
    mirrors
 
diff --git a/docs/ssh-keys.rst b/docs/ssh-keys.rst
new file mode 100644
index 00000000..76f92b3d
--- /dev/null
+++ b/docs/ssh-keys.rst
@@ -0,0 +1,27 @@
+
+################
+SSH key handling
+################
+
+pmbootstrap can copy SSH keys to the device during the install step.
+
+If the config file option `ssh_keys` is set to `True` (it defaults to `False`),
+then all files matching the glob `~/.ssh/*.pub` will be placed in
+`~/.ssh/authorized_keys` in the user's home directory in newly-built images.
+
+Sometimes, for example if you have a large number of SSH keys, you may wish to
+select a different set of public keys to include in an image. To do this, set
+the `ssh_key_glob` configuration parameter in the pmbootstrap config file to a
+string containing a glob that is to match the file or files you wish to
+include.
+
+For example, a `~/.config/pmbootstrap_v3.cfg` may contain:
+
+.. code-block:: shell
+
+    [pmbootstrap]
+    # ...
+    ssh_keys = True
+    ssh_key_glob = ~/.ssh/postmarketos-dev.pub
+    # ...
+