ADP-179 sops manage keys

archives old keys, updates doc

README.md

@@ -20,6 +20,14 @@ gpg --import /path/to/keys/*.gpg.pub
 gpg --list-keys --keyid-format=long
 ```
 
+# EOL: Archive Expired Keys
+
+To mark a key as expired, move it to the `archive/` dir as follows:
+
+```bash
+mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
+```
+
 # Configure SOPS
 
 SOPS is used for encrypting secrets, e.g. credentials for various systems