diff --git a/DECISIONS.md b/DECISIONS.md
index c30e101..68df35f 100644
--- a/DECISIONS.md
+++ b/DECISIONS.md
@@ -35,3 +35,22 @@ Net-Kingdom and Railiance both should be optimized for ai-first development. As
 For this decision it follows that plain helm is fine for starting projects up to keep them lightweight as long as this is helpful and then upgrade/integrate to flux.
 
 ---
+
+## D4 — Secret injection strategy: External Secrets Operator vs Vault Agent Injector
+
+**Date:** 2026-03-01  
+**Decided by:** Tegwick  
+
+We go forward using ESO keeping track of possible downsides for later review if they show themselves as relevant.
+
+---
+
+## D5 — File-based bootstrap user store: separate repo vs in-workplan task vs defer
+
+**Date:** 2026-03-01  
+**Decided by:** Tegwick  
+
+We will go with implementing this as local-identity but not separate it into a repo on its own for now. 
+Create a documentation file LocalIdentity.md that explaines this as a capability of the net-kingdom bootstrapping infrastructure and explain the upside. Establish clear boundaries for what should be achieved and adress the risks by providding propper out of scope limitations. Then create a separate workplan to implement this in stages with proper documentation. The workplan should include making sure that the local-identity is properly secured by filesystem rights a later stage functionality. The plan should also provide guidance about how to provide minimal OIDC by rebuilding it natively to avoid dependencies according to the goal of easily bootstrapping without heavy dependencies. Finally reference the new workplan from the original workplan and register dependencies explicitly if necessary.
+
+---