diff --git a/README.md b/README.md
index bace21b..594628e 100644
--- a/README.md
+++ b/README.md
@@ -117,7 +117,10 @@ Note: `secrets.yaml` is just an example; the file can have any name
 To mark a key as expired, move it to the `archive/` dir as follows:
 
 ```bash
-mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
+# remove from groups
+find groups -name ${keyname} | xargs git rm
+# archive key - DO NOT delete - need this for auditing
+git mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
 ```
 
 # Advanced
diff --git a/test.person@netgo.de.gpg.pub b/archive/test.person@netgo.de.gpg.pub
similarity index 100%
rename from test.person@netgo.de.gpg.pub
rename to archive/test.person@netgo.de.gpg.pub
diff --git a/groups/devnso-adp-argocd/test.person@netgo.de.gpg.pub b/groups/devnso-adp-argocd/test.person@netgo.de.gpg.pub
deleted file mode 120000
index 8aec0da..0000000
--- a/groups/devnso-adp-argocd/test.person@netgo.de.gpg.pub
+++ /dev/null
@@ -1 +0,0 @@
-../../test.person@netgo.de.gpg.pub
\ No newline at end of file