diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst
index cf88d3c48de1e9306be711f9260465db41508e44..b3e672fe52b76bc335481ad7adfe4e76d39cb974 100644
--- a/docs/source/configuration.rst
+++ b/docs/source/configuration.rst
@@ -35,6 +35,13 @@ For example::
 Note that ``ristretto-issuer-root-url`` must agree with whichever storage servers the client will be configured to interact with.
 If the values are not the same, the client will decline to use the storage servers.
 
+The client can also be configured with the value of a single pass::
+
+    [storageclient.plugins.privatestorageio-zkapauthz-v1]
+    pass-value = 1048576
+
+The value given here must agree with the value servers use in their configuration or the storage service will be unusable.
+
 Server
 ------
 
@@ -49,6 +56,14 @@ Then also configure the Ristretto-flavored PrivacyPass issuer the server will an
   [storageserver.plugins.privatestorageio-zkapauthz-v1]
   ristretto-issuer-root-url = https://issuer.example.invalid/
 
+The value of a single pass in the system can be configured here as well::
+
+  [storageserver.plugins.privatestorageio-zkapauthz-v1]
+  pass-value = 1048576
+
+If no ``pass-value`` is given then a default will be used.
+The value given here must agree with the value clients use in their configuration or the storage service will be unusable.
+
 The storage server must also be configured with the path to the Ristretto-flavored PrivacyPass signing key.
 To avoid placing secret material in tahoe.cfg,
 this configuration is done using a path::