docs/secrets: document sops import

docs/secrets-management.md

@@ -132,3 +132,25 @@ For convenience, Clan CLI allows group creation to simplify access management. H
    ```console
    $ clan secrets groups add-secret <group_name> <secret_name>
    ```
+
+# NixOS integration
+
+A NixOS machine will automatically import all secrets that were encrypted for the same.
+At runtime it will
+
+# Importing existing sops-based keys / sops-nix
+
+`clan secrets` stores each secrets in a single file, whereas [sops](https://github.com/Mic92/sops-nix)
+commonly allows to put all secrets in a yaml or json documents.
+
+If you already happend to use sops-nix, you can migrate by using the `clan secrets import-sops` command by importing these documents:
+
+```console
+% clan secrets import-sops --prefix matchbox- --group admins --machine matchbox nixos/matchbox/secrets/secrets.yaml
+```
+
+This will create secrets for each secret found in `nixos/matchbox/secrets/secrets.yaml` in a ./sops folder of your repository.
+Each member of the group `admins` will be able
+
+Since our clan secret module will auto-import secrets that are encrypted for a particular nixos machine,
+you can now remove `sops.secrets.<secrets> = { };` unless you need to specify more options for the secret like owner/group of the secret file.