From 4254322d7edfd3a4b9c1247efb4cf479a656c544 Mon Sep 17 00:00:00 2001 From: MOREV Mikhail Date: Thu, 9 Jan 2020 11:25:25 +0600 Subject: [PATCH] update docs --- README.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.rst b/README.rst index 6d22fbc14..87a81679b 100644 --- a/README.rst +++ b/README.rst @@ -968,6 +968,7 @@ This command requires a ``.sops.yaml`` configuration file. Below is an example: vault_kv_mount_name: "secret/" # default vault_kv_version: 2 # default path_regex: vault/* + omit_extensions: true The above configuration will place all files under ``s3/*`` into the S3 bucket ``sops-secrets``, all files under ``gcs/*`` into the GCS bucket ``sops-secrets``, and the contents of all files under @@ -977,6 +978,11 @@ published to S3 and GCS, it will decrypt them and re-encrypt them using the You would deploy a file to S3 with a command like: ``sops publish s3/app.yaml`` +To publish all files in selected directory recursively, you need to specify ``--recurse`` flag. + +If you don't want file extension to appear in destination secret path, use ``--omit-extensions`` +flag or same ``.sops.yaml`` option. + Publishing to Vault ******************* @@ -991,6 +997,9 @@ configuring the client. ``vault_kv_mount_name`` is used if your Vault KV is mounted somewhere other than ``secret/``. ``vault_kv_version`` supports ``1`` and ``2``, with ``2`` being the default. +If destination secret path already exists in Vault and contains same data as source file, it will +be skipped. + Below is an example of publishing to Vault (using token auth with a local dev instance of Vault). .. code:: bash
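Review bot: in the first hunk (``@@ -968,6 +968,7``), ``omit_extensions: true`` is added to the ``vault/*`` rule, but the paragraph right after the example ("The above configuration will place all files under ...") is left untouched, so the example now carries a key whose effect is never described at that point. Suggest adding one sentence there that says what the destination path for a file matched by ``vault/*`` looks like with the key set, and a trailing comment on the new line, in the style of the neighbouring ``# default`` comments, stating the default value.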
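Review bot: in the second hunk (``@@ -977,6 +978,11``), the two added paragraphs do not say what happens when ``--omit-extensions`` maps two source files to the same destination path, for example two files in one directory that differ only by extension, which becomes more likely when combined with ``--recurse``. Suggest stating whether the publish fails, or which file wins, so that one secret cannot silently replace another. The phrase "same ``.sops.yaml`` option" should also name the key (``omit_extensions``, as used in the example above) and say whether it applies to the S3 and GCS destinations or only to Vault. Minor wording: "in a selected directory", "the ``--recurse`` flag", "the file extension".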
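Review bot: in the third hunk (``@@ -991,6 +997,9``), the added sentence "it will be skipped" documents only the case where the existing data is identical and leaves the differing case undefined. Suggest stating what happens when the destination path exists with different data (overwritten, or a new version written under ``vault_kv_version: 2``). Comparing against existing data also implies the publishing token must be able to read the destination path, not just write it; if so, that belongs in this section so operators can scope the Vault policy accordingly. Wording: "If the destination secret path already exists in Vault and contains the same data as the source file, it will be skipped."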