diff --git a/examples/cephfs/secret.yaml b/examples/cephfs/secret.yaml
index 6cb1f8f8c..0eb370781 100644
--- a/examples/cephfs/secret.yaml
+++ b/examples/cephfs/secret.yaml
@@ -12,3 +12,6 @@ stringData:
   # Required for dynamically provisioned volumes
   adminID: <plaintext ID>
   adminKey: <Ceph auth key corresponding to ID above>
+
+  # Encryption passphrase
+  encryptionPassphrase: test_passphrase
diff --git a/examples/cephfs/storageclass.yaml b/examples/cephfs/storageclass.yaml
index b23fa0213..4dab9ea2d 100644
--- a/examples/cephfs/storageclass.yaml
+++ b/examples/cephfs/storageclass.yaml
@@ -52,6 +52,17 @@ parameters:
   # (defaults to `false`)
   # backingSnapshot: "true"
 
+  # (optional) Instruct the plugin it has to encrypt the volume
+  # By default it is disabled. Valid values are "true" or "false".
+  # A string is expected here, i.e. "true", not true.
+  # encrypted: "true"
+
+  # (optional) Use external key management system for encryption passphrases by
+  # specifying a unique ID matching KMS ConfigMap. The ID is only used for
+  # correlation to configmap entry.
+  # encryptionKMSID: <kms-config-id>
+
+
 reclaimPolicy: Delete
 allowVolumeExpansion: true
 mountOptions:
diff --git a/examples/kms/vault/vault.yaml b/examples/kms/vault/vault.yaml
index 379b8897a..8621a8b73 100644
--- a/examples/kms/vault/vault.yaml
+++ b/examples/kms/vault/vault.yaml
@@ -169,7 +169,7 @@ spec:
             - name: PLUGIN_ROLE
               value: csi-kubernetes
             - name: SERVICE_ACCOUNTS
-              value: rbd-csi-nodeplugin,rbd-csi-provisioner,csi-rbdplugin,csi-rbdplugin-provisioner
+              value: rbd-csi-nodeplugin,rbd-csi-provisioner,csi-rbdplugin,csi-rbdplugin-provisioner,cephfs-csi-nodeplugin,cephfs-csi-provisioner,csi-cephfsplugin,csi-cephfsplugin-provisioner
             - name: SERVICE_ACCOUNTS_NAMESPACE
               value: default
             - name: VAULT_ADDR