diff --git a/README.md b/README.md
index 92142f9..15ccbb8 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,19 @@ This installs nixos on host `somehost`:
 nix-shell -p nixUnstable --run 'nixos-install --flake https://gitlab.jalr.de/jalr/nixos-configuration#somehost --no-channel-copy'
 ```
 
+### setting up sops
+Get the host key and convert it.
+```bash
+ssh-keyscan -t ed25519 $host | ssh-to-age
+```
+
+Then add the key to `.sops.yaml`
+
+If the key changed, you might want to run
+```bash
+sops updatekeys hosts/$host/secrets.yaml
+```
+
 ## nix repl
 start an interactive environment for evaluating Nix expressions