diff --git a/README.md b/README.md
index 69b10e9..9f2fa0f 100644
--- a/README.md
+++ b/README.md
@@ -36,23 +36,23 @@ logs:
 3. **Generate private keys:**
 ```bash
 mkdir -p /etc/tesseract/keys
-./tesseract-genconf -c config.yaml gen-key
+./tesseract-genconf -c config.yaml --write gen-key
 ```
 
 4. **Create directories and generate environment files:**
 ```bash
 mkdir -p /var/lib/tesseract/example2025h1/data
-./tesseract-genconf -c config.yaml gen-env
+./tesseract-genconf -c config.yaml --write gen-env
 ```
 
 5. **Generate HTML and JSON files:**
 ```bash
-./tesseract-genconf -c config.yaml gen-html
+./tesseract-genconf -c config.yaml --write gen-html
 ```
 
 6. **Generate nginx configuration files:**
 ```bash
-./tesseract-genconf -c config.yaml gen-nginx
+./tesseract-genconf -c config.yaml --write gen-nginx
 ```
 
 The port from the main `listen:` field will be used in the NGINX server blocks (in our case
@@ -66,3 +66,25 @@ The port from the main `listen:` field will be used in the NGINX server blocks (
 # For production environment, take the ccadb 'production' roots
 ./tesseract-genconf gen-roots --source https://gouda2027h2.log.ct.ipng.ch/ --output roots-production.pem
 ```
+
+### Safe File Operations with `--diff` and `--write`
+
+The `tesseract-genconf` tool includes safety features to prevent accidental file modifications:
+
+- **`--diff`**: Shows colored unified diffs of what would change without writing files
+- **`--write`**: Required flag to actually write files to disk
+- **`--no-color`**: Disables colored diff output (useful for redirecting to files)
+
+**Recommended workflow:**
+```bash
+# 1. First, preview changes with --diff
+./tesseract-genconf -c config.yaml --diff gen-html
+
+# 2. Review the colored diff output, then apply changes
+./tesseract-genconf -c config.yaml --write gen-html
+
+# 3. Or combine both to see diffs and write files
+./tesseract-genconf -c config.yaml --diff --write gen-html
+```
+
+**Note:** Flags must come before the command name (e.g., `--diff gen-html`, not `gen-html --diff`).