diff --git a/README.md b/README.md index 82a4bed..b84eda7 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ These helpers are internal implementation details used by `StorageRouter`. They - **FileDirectory** - documents, caches, custom URL - **StorageError** - Comprehensive error types - **StorageKeyDescriptor** - Audit snapshot of a key’s storage metadata +- **EncryptionConfiguration** - Global encryption settings (Keychain identifiers, key length) - **AnyStorageKey** - Type-erased storage key for catalogs - **AnyCodable** - Type-erased Codable for mixed-type payloads @@ -136,6 +137,21 @@ For app-level configuration (App Group identifiers, keychain service identifiers - Default security policy: `SecurityPolicy.recommended` (ChaCha20-Poly1305 + HKDF) - External key material providers can be registered via `StorageRouter` +#### Global Encryption Configuration + +You can customize the identifiers used for the master key in the Keychain: + +```swift +let config = EncryptionConfiguration( + masterKeyService: "com.myapp.LocalData", + masterKeyAccount: "MasterKey" +) +await StorageRouter.shared.updateEncryptionConfiguration(config) +``` + +> [!WARNING] +> Changing the `masterKeyService` or `masterKeyAccount` in an existing app will cause the app to look for the master key in a new location. Previously encrypted data will be lost. + ```swift struct RemoteKeyProvider: KeyMaterialProviding { func keyMaterial(for keyName: String) async throws -> Data {
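Review bot: In the first hunk, the new `EncryptionConfiguration` bullet lists "key length" as a global setting, but the section added in the second hunk only shows `masterKeyService` and `masterKeyAccount`. Either document the key-length setting next to the Keychain identifiers (parameter name, unit, default) or drop it from the bullet, so the README does not advertise an option it never explains.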
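Review bot: In the second hunk, the warning's "Previously encrypted data will be lost" is imprecise given that the preceding sentence only says the app will "look for the master key in a new location". Spell out what actually happens: whether a new master key is created under the new identifiers, whether the old Keychain item stays in place, and whether restoring the old `masterKeyService` and `masterKeyAccount` makes the data readable again. The section should also say when `updateEncryptionConfiguration` has to be called relative to the first encrypted read or write. Separately, the new heading is inserted between the "External key material providers can be registered via `StorageRouter`" bullet and the `RemoteKeyProvider` example, so that example now reads as part of "Global Encryption Configuration"; move the new section after it.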