diff --git a/README b/README index 50492d8..cc74619 100644 --- a/README +++ b/README @@ -6,6 +6,32 @@ $ ./autogen.sh && ./configure && make You can also check the configure option for configuring it for testing on another infrastructure (for instance by using another domain). +To build an image you will also need at least id_ed25519.pub and +signing-key.pub: + +- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519 + command. See the ssh-keygen manual ('man 1 ssh-keygen') for more + details. If you're not confortable with that, backup your ~/.ssh + folder first. + +- signing-key.pub can be generated with the 'guix archive + --generate-key' command. See the "Invoking guix archive" in the + Guix manual for more details[1]. + https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive + +Other files are optional: + +- id_ed25519: It is used for guix deploy. It is also generated by + ssh-keygen. A good idea is to have a symlink to it in order not to + have scp copy it to the target machine by mistake as it is the SSH + private key. Using separate SSH keys for separate machines also help + limiting the damage when such accident happen. + +- id_wireguard: This is the wireguard private key. It can be generated + with the 'wg genkey > id_wireguard' command. See the wg manual ('man + 8 wg') for more detail. + + Note that letsencrypt has a limit of about 5 certificates per week, so it's a good idea to use test domains before deployments.
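Review bot: In the id_ed25519 item, the symlink advice does not deliver the protection it promises: scp -r follows symbolic links during tree traversal, so a symlinked private key is still copied to the target machine along with everything else. Suggest telling the reader to keep the private key outside any directory that gets copied, and keeping the sentence about separate keys per machine. In the id_wireguard item, 'wg genkey > id_wireguard' creates the file under the shell's current umask, and wg itself warns when the output file is world accessible; suggest showing 'umask 077' before the command. For id_ed25519.pub, giving an explicit output path with 'ssh-keygen -t ed25519 -f' would avoid overwriting an existing key in ~/.ssh, which is the risk the backup advice is hedging against. Minor: 'genreated', 'confortable', 'also help limiting', 'when such accident happen', 'more detail' versus 'more details', and the '[1]' marker has no matching label on the URL line that follows it.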