diff --git a/CHANGES.md b/CHANGES.md
index 3d19e262cd..0b72981d65 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,20 @@
+## Aug 11 2016
+
+Reworked SSH keys and support for running CI builds
+
+* SSH keys are now stored as secrets.  `--ssh-public-key` will be created when you do `kops create cluster`.
+  You no longer need to specify a `--ssh-public-key` when you do an update, but if you do it will be imported.
+* An SSH public key must exist for AWS, if you do not have one you can import one with:
+  `kops create secret --name $CLUSTER_NAME sshpublickey admin -i ~/.ssh/id_rsa.pub`
+* For AWS, only a single SSH key can be used; you can delete extra keys with `kops delete secret`
+* To support changing SSH keys reliably, the name of the imported AWS SSH keypair will change to include
+  the OpenSSH key fingerprint.  Existing clusters will continue to work, but you will likely be prompted to
+  do a rolling update when you would otherwise not have to.  I suggest waiting till you next upgrade kubernetes.
+
+* Builds that are not published as Docker images can be run.  `kops` will pass a list of images in the NodeUp
+  configuration, and NodeUp will download and `docker load` these images.  For examples, see the
+  [testing tips](docs/testing.md)
+
 ## Jul 21 2016
 
 More rational model/UX - `kops create cluster` just creates spec, `kops update cluster` does real creation:
diff --git a/README.md b/README.md
index 629b898ea4..c92d6dc7b3 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,10 @@ Some of the more interesting features:
 
 ## Recent changes
 
+Improvements are being made almost daily, but bigger changes are described here (until we get to
+a more formal release process):
+
+* Reworked SSH keys and support for running CI builds [Aug 11 2016](CHANGES.md#aug-11-2016)
 * Create command was split into create and update [Jul 21 2016](CHANGES.md#jul-21-2016)
 
 ## Installation