From 9b8d5e36626f989c11b468eb38b7f321be1a7923 Mon Sep 17 00:00:00 2001 From: tomdds Date: Tue, 26 Nov 2019 11:03:53 -0500 Subject: [PATCH] Document generation and updating of dhparams. --- deploy/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deploy/README.md b/deploy/README.md index 6f8c4cf1..25380293 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -170,6 +170,12 @@ Then: kubectl -n atat create secret tls azure-atat-code-mil-tls --key="[path to the private key]" --cert="[path to the full chain]" ``` +### Create the Diffie-Hellman parameters + +Diffie-Hellman parameters allow per-session encryption of SSL traffic to help improve security. We currently store our parameters in KeyVault, the value can be updated using the following command. Note: Generating the new paramter can take over 10 minutes and there won't be any output while it's running. +``` +az keyvault secret set --vault-name --name --value "$(openssl genpkey -genparam -algorithm DH -outform pem -pkeyopt dh_paramgen_prime_len:4096 2> /dev/null)" +``` --- # Setting Up FlexVol for Secrets
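Review bot: In the added `az keyvault secret set` line, `--vault-name` and `--name` carry no values or placeholders, so the command cannot be run as documented; use bracketed placeholders in the style of the `kubectl` line above it, for example `--vault-name "[vault name]" --name "[secret name]"`. The same line sends openssl's stderr to `/dev/null` and feeds the command substitution straight into `--value`, so a failed generation would pass an empty value to Key Vault with no error shown. Consider writing the parameters to a file first, checking them with `openssl pkeyparam -check`, and uploading with `--file`. In the prose paragraph, "paramter" should be "parameter", and the opening code fence needs a blank line before it to match the rest of the README.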