diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index 1443966..f905c58 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -114,9 +114,6 @@ fn_sops_updatekeys_and_verify(){
   # "update the keys of SOPS files using the config file"
   >&2 echo "# RUN: sops updatekeys ${sops_enc_file}"
   sops updatekeys "${sops_enc_file}"
-
-  # verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
-  GPG_TTY=$(tty) sops -d "${sops_enc_file}"
 }
 
 function main(){
diff --git a/verify/usr_confirm_keycfg.sh b/verify/usr_confirm_keycfg.sh
index 51170c6..6c8c40e 100755
--- a/verify/usr_confirm_keycfg.sh
+++ b/verify/usr_confirm_keycfg.sh
@@ -14,6 +14,9 @@ set -x
 # within current dir: update .sops.yaml, update keys in encrypted file
 ../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
 
+# verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
+GPG_TTY=$(tty) sops -d "${secrets_file}"
+
 # Special Case: Add caveat header
 cat <<EOM > .sops.yaml.tmp
 # PURPOSE: BLUEPRINT for .sops.yaml config