From 5d802d251cc778bebc8ebad5dd48ed010da2d2e1 Mon Sep 17 00:00:00 2001
From: Ryan Mulligan <ryan@ryantm.com>
Date: Sat, 3 Sep 2022 14:47:04 -0700
Subject: [PATCH] doc: improve tutorial by showing how to use the secret path

---
 README.md | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index de3bcd6..d58887b 100644
--- a/README.md
+++ b/README.md
@@ -226,9 +226,18 @@ but, if you want to (change the system based on your system):
    ```
 5. Add secret to a NixOS module config:
    ```nix
-   age.secrets.secret1.file = ../secrets/secret1.age;
+   {
+     age.secrets.secret1.file = ../secrets/secret1.age;
+   }
    ```
-6. NixOS rebuild or use your deployment tool like usual.
+6. Use the secret in your config:
+   ```nix
+   users.users.user1 = {
+     isNormalUser = true;
+     passwordFile = config.age.secrets.secret1.path;
+   };
+   ```
+7. NixOS rebuild or use your deployment tool like usual.
 
    The secret will be decrypted to the value of `config.age.secrets.secret1.path` (`/run/agenix/secret1` by default). For per-secret options controlling ownership etc, see [modules/age.nix](modules/age.nix).