Added example of having age recipients in .sops.yaml

Fixed formatting for example of multiple age keys in .sops.yaml

Added example of using updatekeys with age

Apply suggestions from code review

Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>
Signed-off-by: Carsten Skov <carsten@simcax.dk>

README.rst

@@ -218,7 +218,28 @@ identity will be tried in sequence until one is able to decrypt the data.
 
 Encrypting with SSH keys via age is not yet supported by SOPS.
 
+A list of age recipients can be added to the ``.sops.yaml``:
 
+.. code:: yaml
+
+    creation_rules:
+        - age: >-
+            age1s3cqcks5genc6ru8chl0hkkd04zmxvczsvdxq99ekffe4gmvjpzsedk23c,
+            age1qe5lxzzeppw5k79vxn3872272sgy224g2nzqlzy3uljs84say3yqgvd0sw
+
+It is also possible to use ``updatekeys``, when adding or removing age recipients. For example:
+
+.. code:: sh
+
+  $ sops updatekeys secret.enc.yaml
+  2022/02/09 16:32:02 Syncing keys for file /iac/solution1/secret.enc.yaml
+  The following changes will be made to the file's groups:
+  Group 1
+      age1s3cqcks5genc6ru8chl0hkkd04zmxvczsvdxq99ekffe4gmvjpzsedk23c
+  +++ age1qe5lxzzeppw5k79vxn3872272sgy224g2nzqlzy3uljs84say3yqgvd0sw
+  Is this okay? (y/n):y
+  2022/02/09 16:32:04 File /iac/solution1/secret.enc.yaml synced with new keys
+  
 Encrypting using GCP KMS
 ~~~~~~~~~~~~~~~~~~~~~~~~
 GCP KMS uses `Application Default Credentials