diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..093c692
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,8 @@
+vars/group_vars/proxmox/secrets_vm.yml diff=ansible-vault merge=binary
+vars/group_vars/all/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/docker/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/k3s/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/k3s/secrets_token.yml diff=ansible-vault merge=binary
+vars/group_vars/kubernetes/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/proxmox/secrets.yml diff=ansible-vault merge=binary
+vars/group_vars/proxmox/secrets_vm.yml diff=ansible-vault merge=binary
diff --git a/README.md b/README.md
index 283e04c..f96a62f 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,17 @@ The following roles are defined:
     ansible-playbook -i vars/k3s.ini playbooks/kubernetes_setup.yml
     ```
 
+## Notes
+
+### Vault Git Diff
+
+This repo has a `.gitattributes` which points at the repos ansible-vault files.
+These can be temporarily decrypted for git diff by adding this in conjunction with the `.gitattributes`:
+```sh
+# https://stackoverflow.com/questions/29937195/how-to-diff-ansible-vault-changes
+git config --global diff.ansible-vault.textconv "ansible-vault view"
+```
+
 ## Disclaimer
 
 This project is highly customized for the author's specific environment. Using it without modification is not recommended.