diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample
index ea979dbfb7..2958347d13 100644
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@@ -598,6 +598,17 @@ auth_uri = http://keystonehost:5000/v3
 # Connect/read timeout to use when communicating with Keystone
 http_timeout = 10.0
 
+# Number of seconds to cache the S3 secret. By setting this to a positive
+# number, the S3 authorization validation checks can happen locally.
+# secret_cache_duration = 0
+
+# If S3 secret caching is enabled, Keystone auth credentials to be used to
+# validate S3 authorization must be provided here. The appropriate options
+# are the same as used in the authtoken middleware above. The values are
+# likely the same as used in the authtoken middleware.
+# Note that the Keystone auth credentials used by s3token will need to be
+# able to view all project credentials too.
+
 # SSL-related options
 # insecure = False
 # certfile =