diff --git a/docker-compose/examples/hashicorpvault/README.md b/docker-compose/examples/hashicorpvault/README.md
index 4e12d71..68548dd 100644
--- a/docker-compose/examples/hashicorpvault/README.md
+++ b/docker-compose/examples/hashicorpvault/README.md
@@ -42,7 +42,9 @@ docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --fi
 
 ## Push
 
-Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo.
+Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
+- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
+- Do a `docker login registry.example.com`, enter username and password, confirm login.
 
 ```
 source "${COMPOSE_ENV}"
diff --git a/docker-compose/{{ cookiecutter.__project_slug }}/README.md b/docker-compose/{{ cookiecutter.__project_slug }}/README.md
index af00901..b489893 100644
--- a/docker-compose/{{ cookiecutter.__project_slug }}/README.md	
+++ b/docker-compose/{{ cookiecutter.__project_slug }}/README.md	
@@ -47,7 +47,9 @@ docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --fi
 {% endfor %}
 ## Push
 
-Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo.
+Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
+- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
+- Do a `docker login registry.example.com`, enter username and password, confirm login.
 
 ```
 source "${COMPOSE_ENV}"