diff --git a/README.md b/README.md
index bd21158..11329f0 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ See https://github.com/craftypath/sops-operator.
 
 The plugin automatically encrypts data using [Mozilla SOPS](https://github.com/mozilla/sops) and wraps them into a `SopsSecret`.
 The interface is the same as that of `kubectl create secret`.
+Additional args for SOPS must be passed after the `--` delimiter.
 
 ## Installation
 
@@ -19,27 +20,20 @@ A distribution via [Krew](https://krew.sigs.k8s.io/) is planned.
 ### From literal values
 
 ```console
-kubectl sops create secret generic test-secret --from-literal foo=foo_secret --from-literal bar=bar_secret
+kubectl sops create secret generic test-secret --from-literal foo=foo_secret --from-literal bar=bar_secret -- \
+    --kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
 ```
 
 ### From file
 
 ```console
-kubectl sops create secret generic test-secret --from-file test.yaml
+kubectl sops create secret generic test-secret --from-file test.yaml -- \
+    --kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
 ```
 
 ### From file printing resulting YAML without applying it
 
 ```console
-kubectl sops create secret generic test-secret --from-literal foo.yaml="bar: barvalue" --dry-run -o yaml
-```
-
-### With additional parameters for SOPS
-
-* Useful if no `.sops.yaml` is used
-* Args after the `--` delimiter are passed to SOPS
-
-```console
-kubectl sops create secret generic test-secret --from-file test.yaml -- \
+kubectl sops create secret generic test-secret --from-literal foo.yaml="bar: barvalue" --dry-run -o yaml -- \
     --kms arn:aws:kms:eu-central-1:123456789012:key/ffad06af-a6cc-43e5-ad61-51db75d17c77
 ```