diff --git a/doc/configuration-v3_2_experimental.md b/doc/configuration-v3_2_experimental.md
index 626eac7500..e4031b848f 100644
--- a/doc/configuration-v3_2_experimental.md
+++ b/doc/configuration-v3_2_experimental.md
@@ -115,6 +115,21 @@ The Ignition configuration is a JSON document conforming to the following specif
       * **_name_** (string): the group name of the owner.
     * **target** (string): the target path of the link
     * **_hard_** (boolean): a symbolic link is created if this is false, a hard one if this is true.
+ * **_luks_** (list of objects): the list of luks devices to be created. Every device must have a unique `device` & `name`.
+    * **name** (string): the name of the luks device. Every device must have a unique `name`.
+    * **device** (string): the absolute path to the device. Devices are typically referenced by the `/dev/disk/by-*` symlinks.
+    * **_cipher_** (string): the cipher specification string.
+    * **_hash_** (string): the hash used in LUKS key setup scheme & volume key digest.
+    * **_keyFile_** (string): the contents to use as a key file.
+    * **_label_** (string): the label of the luks device.
+    * **_uuid_** (string): the uuid of the luks device.
+    * **_options_** (list of strings): any additional options to be passed to the cryptsetup utility.
+    * **_clevis_** (object): describes the clevis configuration for the luks device.
+      * **_tang_** (list of objects): describes a tang server.
+        * **url** (string): url of the tang server.
+        * **_thumbprint_** (string): thumbprint of the tang server.
+      * **_tpm2_** (bool): whether or not to use a tpm2 device.
+      * **_threshold_** (int): sets the threshold for a SSS policy.
 * **_systemd_** (object): describes the desired state of the systemd units.
   * **_units_** (list of objects): the list of systemd units.
     * **name** (string): the name of the unit. This must be suffixed with a valid unit type (e.g. "thing.service"). Every unit must have a unique `name`.