+.. program:: reindex
+
+.. option:: --decrypt=(true|nostash|auto|false)
+
+ If ``true``, when encountering an encrypted message, try to
+ decrypt it while reindexing, stashing any session keys discovered.
+ If ``auto``, and notmuch already knows about a session key for the
+ message, it will try decrypting using that session key but will
+ not try to access the user's secret keys. If decryption is
+ successful, index the cleartext itself.
+
+ ``nostash`` is the same as ``true`` except that it will not stash
+ newly-discovered session keys in the database.
+
+ If ``false``, notmuch reindex will also delete any stashed session
+ keys for all messages matching the search terms.
+
+ Be aware that the index is likely sufficient (and a stashed
+ session key is certainly sufficient) to reconstruct the cleartext
+ of the message itself, so please ensure that the notmuch message
+ index is adequately protected. DO NOT USE ``--decrypt=true`` or
+ ``--decrypt=nostash`` without considering the security of your
+ index.
+
+ See also ``index.decrypt`` in :any:`notmuch-config(1)`.
+
+EXAMPLES
+========
+
+A user just received an encrypted message without indexing its
+cleartext. After reading it (via ``notmuch show --decrypt=true``),
+they decide that they want to index its cleartext so that they can
+easily find it later and read it without having to have access to
+their secret keys:
+
+::
+
+ notmuch reindex --decrypt=true id:1234567@example.com
+
+A user wants to change their policy going forward to start indexing
+cleartext. But they also want indexed access to the cleartext of all
+previously-received encrypted messages. Some messages might have
+already been indexed in the clear (as in the example above). They can
+ask notmuch to just reindex the not-yet-indexed messages:
+
+::