From d9c5da6f8bcfb2424ccc802f25fb524c6fd87683 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Fri, 13 Dec 2024 13:03:07 +0100
Subject: [PATCH] Update secrets' README
---
 secrets/README.md | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/secrets/README.md b/secrets/README.md
index c0fcc17..08b135e 100644
--- a/secrets/README.md
+++ b/secrets/README.md
@@ -25,19 +25,21 @@ As an example, let us add a secret in a file “cheeses” whose content should
 3. If you are doing something flake-related such as NixOps4, remember to commit or at least stage the secret.
 
-4. In the machine's configuration, load the Agenix NixOS module, declare your
- secret, possibly with owner/group, and use it where necessary, eg.:
+4. In the machine's configuration, load our `ageSecrets` NixOS module, declare the machine's host key and start using your secrets, eg.:
 
 ```nix
- { config, ... }:
+ { self, config, ... }:
 {
- imports = [ inputs.agenix.x86_64-linux.nixosModules.default ];
- age.secrets.cheeses.file = ../secrets/cheeses.age;
- # age.secrets.cheeses.owner = "jeanpierre";
- # age.secrets.cheeses.group = "france";
- # age.secrets.cheeses.mode = "440";
+ imports = [ self.nixosModules.ageSecrets ];
+ fediversity.hostPublicKey = self.keys.systems.vmFromage;
 services.imaginaryCheeseFactory.frenchSecretFile = config.age.secrets.cheeses.path;
 }
 ```
+ If the secrets requires specific owner/group/mode, those can be set with:
+ ```nix
+ age.secrets.cheeses.owner = "jeanpierre";
+ age.secrets.cheeses.group = "france";
+ age.secrets.cheeses.mode = "440";
+ ```
 
 5. Never read the content of the file in Nix, that is never do anything like:
 ```nix