diff --git a/README.md b/README.md
index 6b7bf70..5c6b6a9 100644
--- a/README.md
+++ b/README.md
@@ -24,9 +24,9 @@ This repository is a copy of [coop-cloud/mastodon](https://git.autonomic.zone/co
 1. `abra app new mastodon`
 1. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
    your Docker swarm box.
-1. Follow the secrets setup documentation below.
+1. Follow the [secrets setup documentation below](#secrets-setup)
+1. Follow the [datbase setup documentation below](#database-setup)
 1. `abra app YOURAPPDOMAIN deploy --no-domain-poll`. App will fail for now.
-1. `abra app mastodon run streaming rake db:setup`
 1. Open the configured domain in your browser to finish set-up. To make an admin account `abra app mastodon run web "bin/tootctl accounts create coolusername --email helo@autonomic.zone --confirmed --role admin"`
 
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
@@ -34,8 +34,6 @@ This repository is a copy of [coop-cloud/mastodon](https://git.autonomic.zone/co
 
 ## Secrets setup
 
-> WARNING: the abra secret insertion doesn't work at all! You have to use `docker secret create`. We'll fix this soon
-
 Because Mastodon expects secrets generated by specific tools, we don't support that in `abra` yet. However, you can run these commands yourself using the underlying Docker CLI. You can then load them in as secrets to the swarm using `abra` though and then they will be picked up on the deployment.
 
 First, generate the `SECRET_KEY_BASE` and `OTP_SECRET` and store them in your local shell environment, you'll need them for subsequent commands.
@@ -43,8 +41,8 @@ First, generate the `SECRET_KEY_BASE` and `OTP_SECRET` and store them in your lo
 ```
 $ SECRET_KEY_BASE=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
 $ OTP_SECRET=$(docker run --rm tootsuite/mastodon:v3.4.0 bundle exec rake secret)
-$ printf $SECRET_KEY_BASE | abra app YOURAPPDOMAIN secret insert secret_key_base v1 -
-$ printf $OTP_SECRET | abra app YOURAPPDOMAIN secret insert otp_secret v1 -
+$ abra app YOURAPPDOMAIN secret insert secret_key_base v1 $SECRET_KEY_BASE
+$ abra app YOURAPPDOMAIN secret insert otp_secret v1 $OTP_SECRET
 ```
 
 Then you need to generate the `VAPID_{PUBLIC/PRIVATE}_KEY` values using the `SECRET_KEY_BASE`/`OTP_SECRET`:
@@ -60,12 +58,26 @@ $ docker run \
 Once you see the values generated, you can load the `VAPID_PUBLIC_KEY` into your `.env` file and `VAPID_PRIVATE_KEY` into a secret.
 
 ```
-$ printf YOURVAPIDPRIVATEKEY | abra app YOURDOMAIN secret insert vapid_private_key v1 -
+$ abra app YOURDOMAIN secret insert vapid_private_key v1 YOURVAPIDPRIVATEKEY
 ```
 
 And finally, to end your whirlwind secrets loading adventure, get the `DB_PASS` and `SMTP_PASSWORD` loaded.
 
 ```
 $ abra app YOURAPPDOMAIN secret generate db_password v1
-$ printf YOURSMTPPASSWORD | abra app YOURDOMAIN secret insert smtp_password v1 -
+$ abra app YOURDOMAIN secret insert smtp_password v1 YOURSMTPPASSWORD
 ```
+
+## Database setup
+
+You need to run `rake db:setup` against the database before the installation will be succesful. To do this, you need to shell into the `streaming` service and run the command while making some environment variables available.
+
+```
+$ abra app social.lumbung.space run streaming bash
+$ export OTP_SECRET=$(cat /run/secrets/otp_secret)
+$ export SECRET_KEY_BASE=$(cat /run/secrets/secret_key_base)
+$ export DB_PASS=$(cat /run/secrets/db_password)
+$ bundle exec rake db:setup
+```
+
+The rest of the services will then stabilise when they have a connection to the database.