diff --git a/doc/operation.rst b/doc/operation.rst
index 7bcc007d5..c03e86d7d 100644
--- a/doc/operation.rst
+++ b/doc/operation.rst
@@ -1451,6 +1451,7 @@ tools, like in the following example sequence of shell commands (for a PEM kesyt
    $ knotc -b zone-freeze
    $ keymgr -l | while read zone; do keymgr "${zone}" list; done | \
               sed 's@ .*$@.pem\$@' > ~/active_keys.pattern
+   $ keymgr -- trash-list | sed 's@ .*$@.pem\$@' >> ~/active_keys.pattern
    $ find $KEYSTORE -maxdepth 1 -type f | grep -v -f ~/active_keys.pattern | xargs rm
    $ knotc -b zone-thaw
 
@@ -1464,6 +1465,7 @@ or for a PKCS #11 keystore (using the ``p11tool`` command from
    $ knotc -b zone-freeze
    $ keymgr -l | while read zone; do keymgr "${zone}" list; done | \
               sed 's@ .*$@@' > ~/active_keys
+   $ keymgr -- trash-list | sed 's@ .*$@@' >> ~/active_keys
    $ sed "s/../%&/g;s/[a-z]/\U&/g;s/^/id=/;s/$/\;/" < ~/active_keys > ~/active_keys.pattern
    $ p11tool --login --set-pin $MYPIN --list-all-privkeys --only-urls $MYTOKEN | \
               grep -v -f ~/active_keys.pattern | \