From bc6c8ea4107497635e2d6effafe903033ad7a513 Mon Sep 17 00:00:00 2001
From: Justin de Guzman <justin@justindeguzman.net>
Date: Mon, 28 Aug 2023 18:16:53 -0700
Subject: [PATCH] Add info about password complexity req for ClickHouse Cloud

---
 .../sql-reference/statements/create/user.md   | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/docs/en/sql-reference/statements/create/user.md b/docs/en/sql-reference/statements/create/user.md
index e084107f93e..3ba23f3e93c 100644
--- a/docs/en/sql-reference/statements/create/user.md
+++ b/docs/en/sql-reference/statements/create/user.md
@@ -40,14 +40,31 @@ There are multiple ways of user identification:
 - `IDENTIFIED WITH ssl_certificate CN 'mysite.com:user'`
 - `IDENTIFIED BY 'qwerty'`
 
-If a password is defined, by default it must meet the following complexity requirements:
+:::note
+In ClickHouse Cloud, by default, passwords must meet the following complexity requirements:
 - Be at least 12 characters long
 - Contain at least 1 numeric character
 - Contain at least 1 uppercase character
 - Contain at least 1 lowercase character
 - Contain at least 1 special character
+:::
 
-Password complexity requirements can be edited in [config.xml](/docs/en/operations/configuration-files).
+Password complexity requirements can be edited in [config.xml](/docs/en/operations/configuration-files). Below is an example configuration that requires passwords to be at least 12 characters long and contain 1 number. Each password complexity rule requires a regex to match against passwords and a description of the rule.
+
+```xml
+<clickhouse>
+    <password_complexity>
+        <rule>
+            <pattern>.{12}</pattern>
+            <message>be at least 12 characters long</message>
+        </rule>
+        <rule>
+            <pattern>\p{N}</pattern>
+            <message>contain at least 1 numeric character</message>
+        </rule>
+    </password_complexity>
+</clickhouse>
+```
 
 ## Examples