diff --git a/README.md b/README.md
index 02695fc..a1878b4 100644
--- a/README.md
+++ b/README.md
@@ -11,9 +11,12 @@ Purpose: Manage gpg keys for:
 - checkin via MergeRequest/PullRequest
 
 ### import gpg keys
+```shell
 gpg --import /path/to/keys/*.gpg.pub
+```
 
 ### list imported gpg keys
+```shell
 gpg --list-keys --keyid-format=long
 
 
@@ -95,6 +98,8 @@ If these steps work, sops configured correctly - on your machine ;-)
 #!/usr/bin/env bash
 set -ueo pipefail
 # demo: create a file with a mock secret, src: https://bash-org-archive.com/?244321
+# PREREQUISITE: valid sops config, i.e. .sops.yaml - Note: most repos already have one
+# further reading: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
 yq -n '.demo.credentials.secret = "hunter2"' > secrets.yaml
 # encrypt
 sops -e -i secrets.yaml
@@ -108,4 +113,4 @@ sops -d secrets.yaml
 ```shell
 cd example/
 ./cmd_sops.sh
-```
\ No newline at end of file
+```
diff --git a/smardigo_automation_ssp_prod.gpg.pub b/smardigo_automation_ssp_prod.gpg.pub
new file mode 100644
index 0000000..2a0dd39
--- /dev/null
+++ b/smardigo_automation_ssp_prod.gpg.pub
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZ63x7xYJKwYBBAHaRw8BAQdAxVEnJjkN/0RE6FlxNJVqUyzJUm4uXaCTjJ0d
+6eFSI9+0I3NzcC1wcm9kIDxOU08tVGVhbS1EZXZPcHNAbmV0Z28uZGU+iJAEExYI
+ADgWIQSsmw21kPSuIBfCrYNhE662bFEMPwUCZ63x7wIbAwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRBhE662bFEMP4IXAQCl/C/HZ0WWmSv31GNlcBsIYdvys8Ny
+c7qciu6ZAfuJ5wD/X6gsPohLVKZYT01pkiMRjehgBCeAIdYV7++1MnEloQa4OARn
+rfHvEgorBgEEAZdVAQUBAQdAD9ikD606qN9oSWmebuqW2VXldozDndn34K6QnXfX
+xHMDAQgHiHgEGBYIACAWIQSsmw21kPSuIBfCrYNhE662bFEMPwUCZ63x7wIbDAAK
+CRBhE662bFEMP1zaAP94FZkb3Fm0P4fYSuuBLDUZK2dw1qt4lK2MNnFYUTAeBAD7
+BTW3mExgOqq6IXXf0IDvGO1sa6We0Frkm1JZKNR2QwQ=
+=4I3G
+-----END PGP PUBLIC KEY BLOCK-----