From 630dbb67327664f6fbb48b65ba982ca02c68f5b6 Mon Sep 17 00:00:00 2001
From: LeeW <lee.watson@netgo.de>
Date: Wed, 26 Feb 2025 17:34:46 +0100
Subject: [PATCH] updates instructions - archive

---
 README.md | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 227800a..b9eef6e 100644
--- a/README.md
+++ b/README.md
@@ -114,13 +114,36 @@ Note: `secrets.yaml` is just an example; the file can have any name
 
 ## 5. Offboarding: [Existing User]: Archive Expired Keys (EOL)
 
-To mark a key as expired, move it to the `archive/` dir as follows:
+To mark a key as expired:
+1. move it to the `archive/` dir
+2. for each group, update the project repo
+3. remove the key from the group
 
-```bash
-# remove from groups
-find groups -name ${keyname} | xargs git rm
+### 1. This repo: archive
+```shell
 # archive key - DO NOT delete - need this for auditing
 git mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
+
+# list all groups
+find groups -name ${keyname} | xargs git rm
+```
+
+### 2. For each group / repo:
+
+**Prerequisite**: Local copy of repo 
+
+```shell
+# For a given group, update sops config
+# Example:
+% cd devnso-adp-argocd
+% ${PATH_TO_THIS_REPO}/bin/update_sops.sh -g devnso-adp-argocd
+```
+
+
+### 3. This repo: update groups
+```shell
+# remove from groups
+find groups -name ${keyname} | xargs git rm
 ```
 
 # Advanced