diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index 5385a22..6d92f2c 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -69,20 +69,19 @@ pushd "${keyfiles_dir}" > /dev/null 2>&1
 popd > /dev/null 2>&1
 # VERIFY
-fn_verify_sops_config(){
+fn_sops_updatekeys_and_verify(){
   sops_enc_file="${1}";shift;
-  # update keys in mock secret file
-  # prereq: create a file with a mock secret, src: https://bash-org-archive.com/?244321
-  test -e "${sops_enc_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${sops_enc_file}" && sops -e -i "${sops_enc_file}" )
+  # update keys in secrets file
+  test -e "${sops_enc_file}" || exit 1
   # "update the keys of SOPS files using the config file"
   sops updatekeys "${sops_enc_file}"
-  # dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
+  # verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
   GPG_TTY=$(tty) sops -d "${sops_enc_file}"
 }
 if [[ "${secrets_file}" != "0" ]]; then
-  fn_verify_sops_config "${secrets_file}"
+  fn_sops_updatekeys_and_verify "${secrets_file}"
   echo "# SUCESS: all users with keys in this dir should have functional keys"
 else
   echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files"
diff --git a/example/cmd_sops.sh b/example/cmd_sops.sh
index 339b336..2d64eea 100755
--- a/example/cmd_sops.sh
+++ b/example/cmd_sops.sh
@@ -11,6 +11,10 @@ keys_dir="$(dirname "${BASH_SOURCE[0]}")/.."
 # deliberate just "dot" for current dir
 sops_cfg_dir=.
 secrets_file="mock_secrets.yaml"
+#---
+
+# prereq: idempotent create file with a mock secret, src: https://bash-org-archive.com/?244321
+test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}" )
 # ./bin/update_sops.sh "${curdir}" "${PWD}"/
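Review bot: The new guard `test -e "${sops_enc_file}" || exit 1` terminates the whole script silently, so a caller passing a wrong path gets no explanation; write a diagnostic to stderr first, e.g. `test -e "${sops_enc_file}" || { echo "# ERROR: secrets file not found: ${sops_enc_file}" >&2; exit 1; }`. Now that the function no longer creates a throwaway mock file and runs on whatever secrets file is passed in, the unchanged verification step `GPG_TTY=$(tty) sops -d "${sops_enc_file}"` prints the decrypted contents to stdout, where they can end up in terminal scrollback or CI logs; `sops -d "${sops_enc_file}" > /dev/null` still proves the file decrypts with the current keys without echoing plaintext. `sops_enc_file` is also assigned without `local`, so it leaks into the caller's scope. The `if` block at the end of the hunk closes outside it.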
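Review bot: The added prereq line writes the mock secret to `mock_secrets.yaml` in plaintext before `sops -e -i` encrypts it in place, and if encryption fails (for instance no usable sops config in the current directory, which `sops_cfg_dir=.` suggests is expected but is not shown in this hunk) the plaintext file stays on disk and the `test -e` check makes every later run skip creation and operate on an unencrypted file. The subshell's failure status is never checked either. Remove the partial file on failure, e.g. `test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}") || { rm -f -- "${secrets_file}"; exit 1; }`. The value here is only a mock, but the same create-then-encrypt pattern applied to a real secret would leave it unencrypted. The script continues outside the hunk.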