diff --git a/docs/buildah-bud.md b/docs/buildah-bud.md
index c85978ea885..874f23a6ebb 100644
--- a/docs/buildah-bud.md
+++ b/docs/buildah-bud.md
@@ -180,7 +180,7 @@ value can be entered.  The password is entered without echo.
 
 **--decryption-key** *key*
 
-A reference required to perform decryption of container images. This should point to files which represent keys and/or certificates that can be used for decryption. Decryption will be tried with all keys. This feature is still *experimental*.
+The [keyfile[:passphrase]] to be used for decryption of images. Keyfile can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and ommitted otherwise.
 
 **--device**=*device*
 
diff --git a/docs/buildah-from.md b/docs/buildah-from.md
index f38fef7f22d..40cbf2343a7 100644
--- a/docs/buildah-from.md
+++ b/docs/buildah-from.md
@@ -170,7 +170,7 @@ value can be entered.  The password is entered without echo.
 
 **--decryption-key** *key*
 
-A reference required to perform decryption of container images. This should point to files which represent keys and/or certificates that can be used for decryption. Decryption will be tried with all keys. This feature is still *experimental*.
+The [keyfile[:passphrase]] to be used for decryption of images. Keyfile can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and ommitted otherwise.
 
 **--device**=*device*
 
diff --git a/docs/buildah-pull.md b/docs/buildah-pull.md
index 2e5bd774d0a..5764190cbbe 100644
--- a/docs/buildah-pull.md
+++ b/docs/buildah-pull.md
@@ -64,7 +64,7 @@ value can be entered.  The password is entered without echo.
 
 **--decryption-key** *key*
 
-A reference required to perform decryption of container images. This should point to files which represent keys and/or certificates that can be used for decryption. Decryption will be tried with all keys. This feature is still *experimental*.
+The [keyfile[:passphrase]] to be used for decryption of images. Keyfile can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and ommitted otherwise.
 
 **--quiet, -q**
 
diff --git a/docs/buildah-push.md b/docs/buildah-push.md
index c14923cdf9d..7b9b7805a2f 100644
--- a/docs/buildah-push.md
+++ b/docs/buildah-push.md
@@ -68,7 +68,7 @@ Don't compress copies of filesystem layers which will be pushed.
 
 **--encryption-key** *key*
 
-A reference prefixed with the encryption protocol to use. The supported protocols are JWE, PGP and PKCS7. For instance, jwe:/path/to/key.pem or pgp:admin@example.com or pkcs7:/path/to/x509-file. This feature is still *experimental*.
+The [protocol:keyfile] specifies the encryption protocol, which can be JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material required for image encryption. For instance, jwe:/path/to/key.pem or pgp:admin@example.com or pkcs7:/path/to/x509-file.
 
 **--format, -f**