diff --git a/README.md b/README.md index fed87c0..ca86132 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,26 @@ Purpose: Manage gpg keys for: # Key Management -Roles: - -* New User: new key to be added; can be a new employee being added for first time, existing employee getting access to a new repo, key rotation, etc -* Existing User: user who already has access to the appropriate project +* Role: New User: new key to be added; can be a new employee being added for first time, existing employee getting access to a new repo, key rotation, etc +* Role: Existing User: user who already has access to the appropriate project * Definition: List of all users: [verify/.sops.yaml](verify/.sops.yaml) +* Keys Repository: This Git Repository (`communication-keys`), manages public keys and configuration in Project Repositories +* Project Repository: Git Repository for each Project which contains SOPS-Encrypted secrets, e.g. for GitOps Deployments using Helm Files + + +Procedure: + +1. In the Keys Repo (`communication-keys`): + 1. New User creates,adds GPG Key + 1. Existing User configures groups + 1. Existing User configures verification SOPS Config + 1. New User installs SOPS + 1. New User verifies SOPS installation using verification SOPS Config + 1. **Status**: New User has working key, working sops installation. Caveat: No access to secrets in other repos yet +1. In the Project Repo + 1. Existing User adds New User Key to SOPS Config, Secrets Files + 1. New User verifies access + 1. **Status**: New User has access to SOPS-encrypted secrets within Project Repo ## 1a. Onboarding: [New User]: create and add a gpg key 1. Clone this repository 
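Review bot: the new "Procedure" never says how the Existing User confirms that a submitted key actually belongs to the New User before "Existing User configures groups"; add a step between "New User creates,adds GPG Key" and the group configuration that names the check (e.g. comparing the key fingerprint with the New User over a channel other than the pull request), otherwise the only gate on who gets into a group is whoever opened the PR. Two smaller points in the same hunk: "creates,adds" needs a space after the comma, and the three blank lines inserted before "Procedure:" should be collapsed to one to match the rest of the README.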
@@ -81,22 +96,30 @@ The following commands explain how to update the `.sops.yaml` for a repository: #### Commands +Configure Project Repo for New User + + + ```shell # List available groups +# Output: % ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh --list_groups # INFO: listing groups admin automation devnso-adp-argocd -# For a given group, update sops config -% ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd +# For a given group, update sops config AND all secrets files - New Users cannot add themselves! +# Output: +% ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd $(find . -name secrets.yaml) # RUN: generate SOPS config -# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files - -# [OPTIONAL] For a given group, update sops config AND specified secrets file -% ${PATH_TO_COMMUNICATION_KEYS_REPO}/bin/update_sops.sh -g devnso-adp-argocd -s ./adp-api-devs/adp-api-devs/secrets.yaml +# RUN: gpg --import *.gpg.pub +# RUN: sops updatekeys ./loki/loki/secrets.yaml +... +# SUCCESS: all users with keys in this dir should have functional keys +``` +```shell # commit the changes to any .sops.yaml or secrets files, e.g. with ## OPINIONATED GIT - use preferred method % git add -p
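Review bot: `$(find . -name secrets.yaml)` in the devnso-adp-argocd example is unquoted, so paths containing whitespace are word-split, and it silently passes no files at all when the command is run from a directory without secrets files; the hunk also removes the `# WARN: no secrets file passed in` output and the `-s ./adp-api-devs/adp-api-devs/secrets.yaml` form, so the reader can no longer tell whether `update_sops.sh` now takes secrets files as positional arguments or still expects `-s`. State the accepted invocation explicitly and note that the command must be run from the Project Repo root. Minor: the `# Output:` comments sit above the `%` command lines they describe; move them below the command so the sample output reads in order.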