From a972203871a6e24eacd58e8fe0387b2c8efb2780 Mon Sep 17 00:00:00 2001
From: Maxwell Weru <mburumaxwell@gmail.com>
Date: Tue, 24 Jun 2025 13:22:25 +0100
Subject: [PATCH] net: lib: tls_credentials: clarify secure tag usage for TLS
 credentials

Updated documentation to clarify that while credential pairs should
generally share the same secure tag for subsystems supporting multiple
credentials per tag, some implementations may expect only one credential
per tag.

Signed-off-by: Maxwell Weru <mburumaxwell@gmail.com>
---
 include/zephyr/net/tls_credentials.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/zephyr/net/tls_credentials.h b/include/zephyr/net/tls_credentials.h
index 1002eee7e64..c3e0c9cac9d 100644
--- a/include/zephyr/net/tls_credentials.h
+++ b/include/zephyr/net/tls_credentials.h
@@ -70,8 +70,10 @@ enum tls_credential_type {
  * @note Some TLS credentials come in pairs:
  *    - TLS_CREDENTIAL_PUBLIC_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
  *    - TLS_CREDENTIAL_PSK with TLS_CREDENTIAL_PSK_ID.
- *    Such pairs of credentials must be assigned the same secure tag to be
- *    correctly handled in the system.
+ *    Such pairs of credentials should generally be assigned the same secure tag
+ *    when used with subsystems that support fetching multiple credentials per tag,
+ *    such as TLS sockets. However, note that certain subsystems or implementations
+ *    may expect only one credential per secure tag.
  *
  * @note Negative values are reserved for internal use.
  */