diff --git a/docs/images/ssh-keys.png b/docs/images/ssh-keys.png
new file mode 100644
index 0000000000000..556bb33a5e0d9
Binary files /dev/null and b/docs/images/ssh-keys.png differ
diff --git a/docs/secrets.md b/docs/secrets.md
index 40f69ea649d11..d21efc8b4e9f8 100644
--- a/docs/secrets.md
+++ b/docs/secrets.md
@@ -24,6 +24,19 @@ Often, this workflow is simply:
 We show parameters in cleartext around the product. Assume anyone with view
 access to a workspace can also see its parameters.
 
+## SSH Keys
+
+Coder generates SSH key pairs for each user. This can be used as an authentication mechanism for
+git providers or other tools. Within workspaces, git will attempt to use this key within workspaces
+via the `$GIT_SSH_COMMAND` environment variable.
+
+Users can view their public key in their account settings:
+
+![SSH keys in account settings](./images/ssh-keys.png)
+
+> There is a [known issue](https://github.com/coder/coder/issues/3126) that prevents users from
+> using their own SSH keys within Coder workspaces.
+
 ## Dynamic Secrets
 
 Dynamic secrets are attached to the workspace lifecycle and automatically