diff --git a/morph/grid/local/README.rst b/morph/grid/local/README.rst
index 8887c297bc0e2aa300e27f86ff7a0f08535028a5..0fda58096559a53e0e1091e8f6f138e8c1cc0db8 100644
--- a/morph/grid/local/README.rst
+++ b/morph/grid/local/README.rst
@@ -33,8 +33,8 @@ If you run an older Nixpkgs, retrieve and use the latest Vagrant development ver
   NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/refs/heads/master.tar.gz nix-shell -p vagrant
 
 
-Generating and deploying keys
-`````````````````````````````
+Generating keys
+```````````````
 
 ``config.json`` has the paths for the Ristretto and the Stripe secret key files.
 
@@ -72,6 +72,16 @@ The ZKAPIssuer.service needs a working TLS certificate and expects it in the cer
 
 Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/payments.localdev/`` directory and issue a ``sudo systemctl restart zkapissuer.service``.
 
+Create Wireguard VPN key pairs in ``PrivateStorageSecrets/monitoringvpn/`` or where you have them::
+
+  for i in "172.23.23.11" "172.23.23.12" "172.23.23.13" "server"; do
+    wg genkey | tee ${i}.key | wg pubkey > ${i}.pub
+  done
+
+And a shared VPN key for "post-quantum resistance"::
+
+  wg genpsk > preshared.key
+
 
 Use the local development environment
 `````````````````````````````````````