diff --git a/README.md b/README.md
index ff0e6fe..ae9aec8 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,9 @@ Note: The `GPG_TTY` is necessary to have the password prompt appear. src: https:
 
 Note: `secrets.yaml` is just an example; the file can have any name
 
-## 4. Offboarding: [Existing User]: Archive Expired Keys (EOL)
+# Playbook for Removing Expired Keys
+
+## Offboarding: [Existing User]: Archive Expired Keys (EOL)
 
 To mark a key as expired:
 1. move it to the `archive/` dir
@@ -216,7 +218,7 @@ find groups/ -name ${keyname}
 # For each group, update sops config in that repo
 # Example:
 % cd devnso-adp-argocd
-% ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd
+% ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd $(find . -name secrets.yaml)
 # now git commit, push, etc
 ```