diff --git a/pkgs/clan-cli/clan_cli/machines/create.py b/pkgs/clan-cli/clan_cli/machines/create.py
index 1995bf38c..fc73cac93 100644
--- a/pkgs/clan-cli/clan_cli/machines/create.py
+++ b/pkgs/clan-cli/clan_cli/machines/create.py
@@ -81,6 +81,7 @@ def create_machine(opts: CreateOptions) -> None:
         msg = "Machine name must be a valid hostname"
         raise ClanError(msg, location="Create Machine")
 
+    # lopter@(2024-10-22): Could we just use warn and use the existing config?
     if dst.exists():
         msg = f"Machine {machine_name} already exists in {clan_dir}"
         description = (
diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py
index 8db72e88d..316419101 100644
--- a/pkgs/clan-cli/clan_cli/secrets/sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/sops.py
@@ -245,6 +245,11 @@ def maybe_get_admin_public_key() -> None | SopsKey:
         return None
 
     if len(keyring) > 1:
+        # louis@(2024-10-22):
+        #
+        # This is confusing when it shows up and you have no information
+        # about where each key is going from, could we log the discovery
+        # of each key?
         msg = (
             f"Found more than {len(keyring)} public keys in your "
             f"environment/system and cannot decide which one to "
diff --git a/pkgs/clan-cli/clan_cli/secrets/types.py b/pkgs/clan-cli/clan_cli/secrets/types.py
index 0a2121cab..52d819ea6 100644
--- a/pkgs/clan-cli/clan_cli/secrets/types.py
+++ b/pkgs/clan-cli/clan_cli/secrets/types.py
@@ -21,14 +21,15 @@ def secret_name_type(arg_value: str) -> str:
 def public_or_private_age_key_type(arg_value: str) -> str:
     if Path(arg_value).is_file():
         arg_value = Path(arg_value).read_text().strip()
-    if arg_value.startswith("age1"):
-        return arg_value.strip()
-    if arg_value.startswith("AGE-SECRET-KEY-"):
-        return get_public_age_key(arg_value)
-    if not arg_value.startswith("age1"):
-        msg = f"Please provide an age key starting with age1, got: '{arg_value}'"
-        raise ClanError(msg)
-    return arg_value
+    for line in arg_value.splitlines():
+        if line.startswith("#"):
+            continue
+        if line.startswith("age1"):
+            return line.strip()
+        if line.startswith("AGE-SECRET-KEY-"):
+            return get_public_age_key(line)
+    msg = f"Please provide an age key starting with age1 or AGE-SECRET-KEY-, got: '{arg_value}'"
+    raise ClanError(msg)
 
 
 def group_or_user_name_type(what: str) -> Callable[[str], str]: