README.md in lockbox-0.4.1 vs README.md in lockbox-0.4.2

- old
+ new

@@ -149,12 +149,14 @@ Be sure to include the `inspect` at the end or it won’t be encoded properly in YAML. #### Migrating Existing Data -Lockbox makes it easy to encrypt an existing column. Add a new column for the ciphertext, then add to your model: +Lockbox makes it easy to encrypt an existing column without downtime. +Add a new column for the ciphertext, then add to your model: + ```ruby class User < ApplicationRecord encrypts :email, migrating: true end ``` @@ -272,10 +274,38 @@ user = User.find(params[:id]) send_data user.license.download, type: user.license.content_type end ``` +#### Migrating Existing Files [experimental] + +**Note:** This feature is experimental. Please try it in a non-production environment and let us know how it goes. + +Lockbox makes it easy to encrypt existing files without downtime. + +Add to your model: + +```ruby +class User < ApplicationRecord + encrypts_attached :license, migrating: true +end +``` + +Migrate existing files: + +```ruby +Lockbox.migrate(User) +``` + +Then update the model to the desired state: + +```ruby +class User < ApplicationRecord + encrypts_attached :license +end +``` + ## CarrierWave Add to your uploader: ```ruby 
@@ -311,10 +341,55 @@ user = User.find(params[:id]) send_data user.license.read, type: user.license.content_type end ``` +#### Migrating Existing Files + +Encrypt existing files without downtime. Create a new encrypted uploader: + +```ruby +class LicenseV2Uploader < CarrierWave::Uploader::Base + encrypt key: Lockbox.attribute_key(table: "users", attribute: "license") +end +``` + +Add a new column for the uploader, then add to your model: + +```ruby +class User < ApplicationRecord + mount_uploader :license_v2, LicenseV2Uploader + + before_save :migrate_license, if: :license_changed? + + def migrate_license + self.license_v2 = license + end +end +``` + +Migrate existing files: + +```ruby +User.find_each do |user| + if user.license? && !user.license_v2? + user.migrate_license + user.save! + end +end +``` + +Then update the model to the desired state: + +```ruby +class User < ApplicationRecord + mount_uploader :license, LicenseV2Uploader, mount_on: :license_v2 +end +``` + +Finally, delete the unencrypted files and drop the column for the original uploader. You can also remove the `key` option from the uploader. + ## Shrine Generate a key ```ruby @@ -446,11 +521,11 @@ Use `master_key` instead of `key` if passing the master key. To rotate existing files, use: ```ruby -User.find_each do |user| +User.with_attached_license.find_each do |user| user.license.rotate_encryption! end ``` Once all files are rotated, you can remove `previous_versions` from the model. @@ -570,10 +645,10 @@ Heroku [comes with libsodium](https://devcenter.heroku.com/articles/stack-packages) preinstalled. ##### Ubuntu -For Ubuntu 18.04, use: +For Ubuntu 20.04 and 18.04, use: ```sh sudo apt-get install libsodium23 ```
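Review bot: In the new Active Storage section "Migrating Existing Files [experimental]" (hunk `@@ -272,10 +274,38 @@`), the procedure ends at "Then update the model to the desired state" and never says what becomes of the original unencrypted files, while the CarrierWave section added in this same patch ends with an explicit "delete the unencrypted files" step. Please state whether `Lockbox.migrate(User)` replaces each stored file or leaves the plaintext copy in storage, and whether files uploaded while `encrypts_attached :license, migrating: true` is set are stored encrypted, so a reader can tell at which step no plaintext remains.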
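Review bot: In the new CarrierWave section "Migrating Existing Files" (hunk `@@ -311,10 +341,55 @@`), the final step "Finally, delete the unencrypted files and drop the column for the original uploader" is destructive, and nothing before it confirms that the backfill completed. Suggest adding a verification step between the `User.find_each` loop and the deletion, for example checking that no record still has `user.license?` true with `user.license_v2?` false and that a migrated file reads back correctly. It would also help to explain why `LicenseV2Uploader` passes `key: Lockbox.attribute_key(table: "users", attribute: "license")` explicitly, and to say at which point in the sequence it becomes safe to follow "You can also remove the `key` option from the uploader", since the uploader is mounted as `:license_v2` for part of the procedure and as `:license` with `mount_on: :license_v2` at the end.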