diff --git a/clusters/kairos/apps/fluxrepo.yaml b/clusters/kairos/apps/fluxrepo.yaml
index aea4a6d..185162b 100644
--- a/clusters/kairos/apps/fluxrepo.yaml
+++ b/clusters/kairos/apps/fluxrepo.yaml
@@ -14,4 +14,4 @@ spec:
   decryption:
     provider: sops
     secretRef:
-      name: sops-age
+      name: sops-age2
diff --git a/readme.md b/readme.md
index 43697ed..b391825 100644
--- a/readme.md
+++ b/readme.md
@@ -32,18 +32,18 @@ Drop the user and cluster into your config and create a context to have that use
 
 I use sops with age to encrypt keys etc in git.  
 Before pushing encrypted keys up, we'll need to re-encrypt them with a new key.  
-From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o keys.txt`.
+From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o age.agekey`.
 
 Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with:
 
 ```sh
-cat keys.txt |
+cat age.agekey |
 kubectl create secret generic sops-age \
 --namespace=apps \
---from-file=keys.txt=/dev/stdin
+--from-file=age.agekey=/dev/stdin
 ```
 
-Update the encryption with `sops updatekeys`, then delete keys.txt.
+Update the encryption with `sops updatekeys`, then delete age.agekey.
 
 ### Using sops