diff --git a/README.md b/README.md
index aa3d0325d1c677b89f366a1dda5335f439f956fe..7fa02f652ff4241177b4012d4312dbfeaad14c39 100644
--- a/README.md
+++ b/README.md
@@ -117,6 +117,13 @@ project), projects using Terraform need:
     to allow the dedicated user to connect to the hosted virtual machines
     ([portal documentation](https://ci.inria.fr/doc/page/slaves_access_tutorial/#register-your-ssh-public-key)).
     for details on how to register a public key on the portal.
+    The contents of the public key file should also be added as a variable
+    **TF_VAR_SSH_PUBLIC_KEY** of type **Variable** in CI/CD settings:
+    the Terraform configuration file [`main.tf`](main.tf) substitutes
+    the public key in the cloud-init script template
+    [`cloud-init.sh.tftpl`](cloud-init.sh.tftpl),
+    to register the key in the file `~ci/.ssh/authorized_keys`
+    in deployed virtual machines.
 
 - The repository contains a `backend.tf` file for connecting
   Terraform with GitLab.
@@ -163,7 +170,7 @@ variable "SSH_PUBLIC_KEY" {
 }
 ```
 The value of the `SSH_PUBLIC_KEY` variable will be stored in the file
-`~/.ssh/authorized_keys` in virtual machines, so that Terraform can
+`~ci/.ssh/authorized_keys` in virtual machines, so that Terraform can
 connect to the virtual machines with the private key to unregister the
 runners before destroying the machines.
 
@@ -231,7 +238,7 @@ resource "cloudstack_instance" "custom_instance" {
   by substituting `${REGISTRATION_TOKEN}` with the value of the variable
   passed to Terraform.
 - We pass also the `SSH_PUBLIC_KEY` to the template file to have its
-  value written in the `~/.ssh/authorized_keys` file.
+  value written in the `~ci/.ssh/authorized_keys` file.
   We configure the connection via ssh to the runner: `gter001` is the
   login of the dedicated user on ci.inria.fr, and we will make sure
   in the next section that the private key is written in the file