diff --git a/docs/howto/read.rst b/docs/howto/read.rst index 67bc231..472e0dd 100644 --- a/docs/howto/read.rst +++ b/docs/howto/read.rst @@ -74,6 +74,11 @@ can write the secret to a specific file: with ways to write on ephemeral storage, and check your umask__ and the permissions of the created file. See :ref:`SystemD` for safe integration strategies. +.. note:: + + ``vault-cli env`` also allows you to write secrets to a file just before launching + an arbitrary command. + .. __: https://en.wikipedia.org/wiki/Umask diff --git a/docs/howto/systemd.rst b/docs/howto/systemd.rst index a4da671..3b49cc5 100644 --- a/docs/howto/systemd.rst +++ b/docs/howto/systemd.rst @@ -97,8 +97,8 @@ Save and quit the file. Load you new configuration file with: $ sudo systemctl daemon-reload $ sudo systemctl restart myprogram.service -Writing a single secret to a file before start ----------------------------------------------- +Writing secrets to files on the filesystem before start +------------------------------------------------------- In some cases, you will need to have a file in the filesystem that contains directly the secret. This is often the case with private keys. @@ -110,8 +110,8 @@ be written on disk. .. __: https://en.wikipedia.org/wiki/RAM_drive -In this case, we’ll also create a service override file, but this time, -we will be adding a command that launches before our main command: +In this case, we’ll also create a service override file. We'll add a wrapper +arount our program like before. .. code:: console @@ -119,7 +119,7 @@ we will be adding a command that launches before our main command: # opens a new file for edition [Service] TemporaryFileSystem=/private - ExecStartPre=vault-cli get mysecret --output=/private/path/to/secret/file + ExecStart=vault-cli env --file mysecret:key=/private/path/to/secret/file -- myprogram --options Save and quit the file. Load your new configuration file with: 
@@ -131,7 +131,7 @@ Save and quit the file. Load your new configuration file with: You will need to configure ``myprogram`` to look for your secret file at ``/private/path/to/secret/file``. -If you need several files, you can repeat the ``ExecStartPre`` line as +If you need several files, you can add more ``--file`` options, as many times as needed. .. note::
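Review bot: The note added in docs/howto/read.rst (hunk at line 74) says ``vault-cli env`` can write secrets to a file but names neither the option nor where it is documented. The systemd.rst part of this patch uses ``--file mysecret:key=/private/path/to/secret/file``, so naming ``--file`` in the note and pointing to that section (the paragraph just above already uses :ref:`SystemD`) would let a reader act on it without searching.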
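Review bot: Typo in the systemd.rst hunk at line 110: "arount our program" should be "around our program". The replacement sentence also drops the explanation the old text gave (a command that runs before the main one) and substitutes "like before", which leaves the reader to guess which earlier section is meant; consider saying explicitly that ``vault-cli env`` writes the file and then launches the program.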
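Review bot: In the systemd.rst hunk at line 119, the override switches from ``ExecStartPre=`` to ``ExecStart=``, and in a drop-in that is not equivalent: systemd appends ``ExecStart=`` entries from override files to the unit's existing one and refuses a unit with more than one unless it is ``Type=oneshot``. The example should show an empty ``ExecStart=`` line before the new one so the original command is cleared. Separately, the argument changed from ``mysecret`` to ``mysecret:key`` with no explanation of what ``:key`` selects; a sentence on that syntax would help, since the old ``get mysecret`` form did not need it.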
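Review bot: In the systemd.rst hunk at line 131, the edited sentence now reads "you can add more ``--file`` options, as many times as needed", where the trailing context line was written for the verb "repeat" and no longer fits. Suggest rewording both lines to something like "you can pass ``--file`` as many times as needed", and showing two ``--file`` arguments in the ``ExecStart`` example so the multi-file form is visible.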