diff --git a/_docs/content/_index.md b/_docs/content/_index.md index 28825b2..8403946 100644 --- a/_docs/content/_index.md +++ b/_docs/content/_index.md @@ -95,6 +95,29 @@ steps: tags: latest ``` +#### Expose secrets to the build + +The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount. + +```Yaml +kind: pipeline +name: default + +steps: + - name: docker + image: thegeeklab/drone-docker-buildx:23 + privileged: true + environment: + SECURE_TOKEN: + from_secret: secure_token + settings: + secrets: + - "id=raw_file_secret,src=file.txt" + - "id=SECRET_TOKEN" +``` + +To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible. + ## Build Build the binary with the following command: diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml index 181bda8..05dcaa8 100644 --- a/_docs/data/data.yaml +++ b/_docs/data/data.yaml @@ -267,6 +267,6 @@ properties: required: false - name: secrets - description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building. + description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build. type: list required: false diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go index 479d720..0b44da6 100644 --- a/cmd/drone-docker-buildx/config.go +++ b/cmd/drone-docker-buildx/config.go @@ -324,7 +324,7 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag { &cli.StringSliceFlag{ Name: "secrets", EnvVars: []string{"PLUGIN_SECRETS"}, - Usage: "secret key-value pairs", + Usage: "exposes secrets to the build", Destination: &settings.Build.Secrets, Category: category, }, diff --git a/plugin/impl.go b/plugin/impl.go index b4cfeca..6f3f371 100644 --- a/plugin/impl.go +++ b/plugin/impl.go 
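Review bot: The `secrets` flag in `settingsFlags` (cmd/drone-docker-buildx/config.go) is still a `cli.StringSliceFlag` fed from `PLUGIN_SECRETS`, and the new usage text does not say what an entry looks like. The docs added in this commit use `id=raw_file_secret,src=file.txt`, which contains a comma; if this flag splits environment values on commas, as urfave/cli slice flags do by default, that entry would reach the build as two items (`id=raw_file_secret` and `src=file.txt`). The parsing is not visible here and `settingsFlags` starts and ends outside the hunk, so this is worth confirming with a test. I would also state the format in the usage string, e.g. `Usage: "secrets to expose to the build, as buildx --secret specs (id=NAME[,src=PATH])",`. Separately, the same docs example sets the environment variable `SECURE_TOKEN` but lists `id=SECRET_TOKEN`; an id-only secret is normally looked up under that name, so the two look mismatched.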
@@ -65,7 +65,7 @@ type Build struct { Labels cli.StringSlice // Docker build labels Provenance string // Docker build provenance attestation SBOM string // Docker build sbom attestation - Secrets cli.StringSlice // Docker build secret key-pairs + Secrets cli.StringSlice // Docker build secrets } // Settings for the Plugin.
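Review bot: The new comment on `Secrets` in `Build` (`// Docker build secrets`) reads as if the field held secret material, whereas the documented values are buildx secret specs such as `id=SECRET_TOKEN` that only name a source. A more precise comment would be `Secrets cli.StringSlice // Docker build secret specs (id=NAME[,src=PATH]), not secret values`. The `Build` struct begins above this hunk, so how the field is consumed is not visible here.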