README.md in kms_encrypted-1.0.0 vs README.md in kms_encrypted-1.0.1

- old
+ new

@@ -3,17 +3,19 @@
 Simple, secure key management for [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted)
 
 With KMS Encrypted:
 
 - Master encryption keys are not on application servers
+- Encrypt and decrypt permissions can be granted separately
 - There’s an immutable audit log of all activity
 - Decryption can be disabled if an attack is detected
-- Encrypt and decrypt permissions can be granted separately
 - It’s easy to rotate keys
 
 Supports [AWS KMS](https://aws.amazon.com/kms/), [Google Cloud KMS](https://cloud.google.com/kms/), and [Vault](https://www.vaultproject.io/)
 
+Check out [this post](https://ankane.org/sensitive-data-rails) for more info on securing sensitive data with Rails
+
 [![Build Status](https://travis-ci.org/ankane/kms_encrypted.svg?branch=master)](https://travis-ci.org/ankane/kms_encrypted)
 
 ## How It Works
 
 This approach uses a key management service (KMS) to manage encryption keys and attr_encrypted to do the encryption.
@@ -27,9 +29,31 @@
 Follow the instructions for your key management service:
 
 - [AWS KMS](guides/Amazon.md)
 - [Google Cloud KMS](guides/Google.md)
 - [Vault](guides/Vault.md)
+
+## Outside Models
+
+To encrypt and decrypt outside of models, create a box:
+
+```ruby
+kms = KmsEncrypted::Box.new
+```
+
+You can pass `key_id`, `version`, and `previous_versions` if needed.
+
+Encrypt
+
+```ruby
+kms.encrypt(message, context: {model_name: "User", model_id: 123})
+```
+
+Decrypt
+
+```ruby
+kms.decrypt(ciphertext, context: {model_name: "User", model_id: 123})
+```
 
 ## Related Projects
 
 To securely search encrypted data, check out [Blind Index](https://github.com/ankane/blind_index).
 