diff --git a/docs/web-configuration.md b/docs/web-configuration.md index 4042fd0a..ee03d64f 100644 --- a/docs/web-configuration.md +++ b/docs/web-configuration.md @@ -23,6 +23,24 @@ Generic placeholders are defined as follows: ``` tls_server_config: + # Certificate for server to use to authenticate to client. + # Expected to be passed as a PEM encoded sequence of bytes as a string. + # + # NOTE: When passing the cert inline, cert_file should not be specified below. + cert: + + # Key for server to use to authenticate to client. + # Expected to be passed as a PEM encoded sequence of bytes as a string. + # + # NOTE: When passing the key inline, key_file should not be specified below. + key: + + # CA certificate for client certificate authentication to the server. + # Expected to be passed as a PEM encoded sequence of bytes as a string. + # + # NOTE: When passing the client_ca inline, client_ca_file should not be specified below. + [ client_ca: ] + # Certificate and key files for server to use to authenticate to client. cert_file: key_file: @@ -37,14 +55,14 @@ tls_server_config: # CA certificate for client certificate authentication to the server. [ client_ca_file: ] - - # Verify that the client certificate has a Subject Alternate Name (SAN) - # which is an exact match to an entry in this list, else terminate the - # connection. SAN match can be one or multiple of the following: DNS, + + # Verify that the client certificate has a Subject Alternate Name (SAN) + # which is an exact match to an entry in this list, else terminate the + # connection. SAN match can be one or multiple of the following: DNS, # IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate. [ client_allowed_sans: [ - ] ] - + # Minimum TLS version that is acceptable. [ min_version: | default = "TLS12" ] diff --git a/web/testdata/web_config_noAuth_tlsInline.good.yml b/web/testdata/web_config_noAuth_tlsInline.good.yml index 872da881..fe6ac95f 100644 
--- a/web/testdata/web_config_noAuth_tlsInline.good.yml
+++ b/web/testdata/web_config_noAuth_tlsInline.good.yml
@@ -86,4 +86,4 @@ tls_server_config:
 SmOyiSdaAyXHr/6+3KgO5pX8YUn9WiTF2hxo4SG3NQuuva0SBZT9B8iFXt1uFUtP
 Rri7hsjysanKPyaPM1oofbRyWApMyRo=
 -----END PRIVATE KEY-----
- client_auth_type: "VerifyClientCertIfGiven"
\ No newline at end of file
+ client_auth_type: "VerifyClientCertIfGiven"