diff --git a/README.md b/README.md
index b9eef6e..173d7ad 100644
--- a/README.md
+++ b/README.md
@@ -123,23 +123,25 @@ To mark a key as expired:
 ```shell
 # archive key - DO NOT delete - need this for auditing
 git mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
-
-# list all groups
-find groups -name ${keyname} | xargs git rm
+# remove from verification sops
+./verify/usr_confirm_keycfg.sh
 ```
 
 ### 2. For each group / repo:
 
-**Prerequisite**: Local copy of repo 
+**Prerequisite**: Local copy of each repo corresponding to a group
 
 ```shell
-# For a given group, update sops config
+# list all groups to which the key is registered
+find groups/ -name ${keyname}
+
+# For each group, update sops config in that repo
 # Example:
 % cd devnso-adp-argocd
 % ${PATH_TO_THIS_REPO}/bin/update_sops.sh -g devnso-adp-argocd
+# now git commit, push, etc
 ```
 
-
 ### 3. This repo: update groups
 ```shell
 # remove from groups