diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index b1a2a06..f79f749 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -2,7 +2,7 @@
 # Purpose: manage .sops.yaml based on gpg keys in the same dir _and_ verify correct configuration
 set -euo pipefail
 
-# OPTIONS AND ARGPARSING
+# OPTIONS: ARGPARSING and VALIDATION
 # assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
 keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
 # assume location of secrets config file in pwd
@@ -21,6 +21,7 @@ while (( $# >= 1 ));do
   shift;
 done
 
+# VALIDATE INPUTS
 keyfiles_dir="$(realpath "${keyfiles_dir}")"
 test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
 sops_config_dir="$(realpath "${sops_config_dir}")"
@@ -32,7 +33,8 @@ if [[ "${#secrets_file_list[@]}" != "0" ]]; then
     test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
   done
 fi
-# /OPTIONS AND ARGPARSING
+# /VALIDATE INPUTS
+# /OPTIONS: ARGPARSING and VALIDATION
 
 function fn_extract_fpr(){
   gpgkeyfile=$1;shift;