diff --git a/docs/bake-reference.md b/docs/bake-reference.md
index a4f236fa5299..ade6c376267f 100644
--- a/docs/bake-reference.md
+++ b/docs/bake-reference.md
@@ -1016,6 +1016,12 @@ RUN --mount=type=ssh \
     && git clone git@github.com:user/my-private-repo.git
 ```
 
+> [!NOTE]
+> When overriding `ssh` from the command line with `--set`, use the inline
+> `id=path` string form rather than the object form shown above, for example
+> `docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519"`. Separate
+> multiple paths with commas. See [`bake --set`][set] for details.
+
 ### `target.tags`
 
 Image names and tags to use for the build target.
@@ -1478,6 +1484,7 @@ target "webapp-dev" {
 [platform]: https://docs.docker.com/reference/cli/docker/buildx/build/#platform
 [run_mount_secret]: https://docs.docker.com/reference/dockerfile/#run---mounttypesecret
 [secret]: https://docs.docker.com/reference/cli/docker/buildx/build/#secret
+[set]: https://docs.docker.com/reference/cli/docker/buildx/bake/#set
 [ssh]: https://docs.docker.com/reference/cli/docker/buildx/build/#ssh
 [tag]: https://docs.docker.com/reference/cli/docker/image/build/#tag
 [target]: https://docs.docker.com/reference/cli/docker/image/build/#target
diff --git a/docs/reference/buildx_bake.md b/docs/reference/buildx_bake.md
index 939341747a1d..bfc7cd485791 100644
--- a/docs/reference/buildx_bake.md
+++ b/docs/reference/buildx_bake.md
@@ -480,3 +480,39 @@ You can append using `+=` operator for the following fields:
 
 > [!NOTE]
 > ¹ These fields already append by default.
+
+#### Inline values for composable attributes
+
+Some fields, such as `ssh`, `secret`, `output`, `cache-to`, `cache-from`,
+`attest`, and `annotations`, are composable attributes that accept a list of
+object values in a Bake file. When you override these fields with `--set`, you
+provide each value using the same inline string syntax as the corresponding
+build flag, not the HCL object form. The `--set` override replaces or appends
+to the list as a whole; it doesn't address individual sub-fields with a
+sub-selector. Only the map-valued fields `args`, `contexts`, `labels`, and
+`extra-hosts` support targeting a specific entry with a sub-key (for example
+`--set target.args.MYARG=value`).
+
+For example, to set the SSH agent socket or key for a target, use the same
+`id=path` form accepted by [`build --ssh`](buildx_build.md#ssh):
+
+```console
+$ docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519"
+```
+
+To expose multiple paths for the same `id`, separate them with commas in the
+second part:
+
+```console
+$ docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519,$HOME/.ssh/id_rsa"
+```
+
+Your shell expands `$HOME` before buildx sees the value. The equivalent Bake
+file definition uses the resolved paths directly (Bake doesn't expand `$HOME`
+in HCL strings):
+
+```hcl
+target "default" {
+  ssh = [{ id = "default", paths = ["/home/user/.ssh/id_ed25519", "/home/user/.ssh/id_rsa"] }]
+}
+```