diff --git a/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md b/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md
index dbd6920c1..95c1a4604 100644
--- a/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md
+++ b/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md
@@ -9,9 +9,11 @@ Accepted
 
 Applications need to be configured differently depending on where they are running. For example, the backend running locally will have different configuration then the backend running in production.
 
+Further, environment variables can be designated "secret" or not; the term "secret key" is often used in place of secret environment variables. Secret keys are sometimes (but not always) shared between different deployment environments, which makes it useful to have a central "single source of truth" where a secret key can be kept and copied out to different environments. CircleCI solves this use case for us, allowing secret keys to be managed by the project's Environment Variables, and accessed in the deployment process to write to cloud.gov applications.
+
 ## Decision
 
-We will use environment variables to configure applications.
+We will use environment variables to configure applications. We will use Environment Variables in CircleCI to store and manage secret keys.
 
 ## Consequences