diff --git a/doc/age.1.ronn b/doc/age.1.ronn index 70ef822..a614a97 100644 --- a/doc/age.1.ronn +++ b/doc/age.1.ronn @@ -173,6 +173,31 @@ An encrypted file _can_ be linked to the SSH public key it was encrypted to. This is so that `age` can identify the correct SSH private key before requesting its password, if any. +### Plugins + +`age` can be extended through plugins. A plugin is only loaded if a corresponding +`RECIPIENT` or `IDENTITY` is specified. (Simply decrypting a file encrypted with +a plugin will not cause it to load, for security reasons among others.) + +A `RECIPIENT` for a plugin named `example` starts with `age1example1`, while an +`IDENTITY` starts with `AGE-PLUGIN-EXAMPLE-1`. They both encode arbitrary +plugin-specific data, and are generated by the plugin. + +When either is specified, `age` searches for `age-plugin-example` in the PATH +and executes it to perform the file header encryption or decryption. The plugin +may request input from the user through `age` to complete the operation. + +Plugins can be freely mixed with other plugins or natively supported keys. + +A plugin is not bound to only encrypt or decrypt files meant for or generated by +the plugin. For example, a plugin can be used to decrypt files encrypted to a +native X25519 `RECIPIENT` or even with a passphrase. Similarly, a plugin can +encrypt a file such that it can be decrypted without the use of any plugin. + +Plugins for which the `IDENTITY`/`RECIPIENT` distinction doesn't make sense may +generate only an `IDENTITY` and instruct the user to perform encryption with the +`-e`/`--encrypt` and `-i`/`--identity` flags. + ## EXIT STATUS `age` will exit 0 if and only if encryption or decryption are successful for the 
@@ -244,6 +269,14 @@ Encrypt and decrypt with an SSH public key: $ age -d -i ~/.ssh/id_ed25519 example.jpg.age > example.jpg +Encrypt and decrypt with age-plugin-yubikey: + + $ age-plugin-yubikey # run interactive setup, generate identity file and obtain recipient + + $ age -r age1yubikey1qwt50d05nh5vutpdzmlg5wn80xq5negm4uj9ghv0snvdd3yysf5yw3rhl3t secrets.txt > secrets.txt.age + + $ age -d -i age-yubikey-identity-388178f3.txt secrets.txt.age + Encrypt to the SSH keys of a GitHub user: $ curl https://github.com/benjojo.keys | age -R - example.jpg > example.jpg.age
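Review bot: In the first paragraph of the new "Plugins" section (hunk at -173), "for security reasons among others" does not tell the reader what is actually guaranteed, and the third paragraph leaves the trust consequence implicit. The text says the plugin name inside a `RECIPIENT` or `IDENTITY` (`age1example1`, `AGE-PLUGIN-EXAMPLE-1`) determines which `age-plugin-example` binary is looked up in the PATH and executed. The man page should therefore state plainly that passing a recipient string or identity file to `age` selects an executable to run, and that the encrypted file by itself never does. I would replace the parenthetical with a sentence to that effect and add a short reminder that recipients and identity files obtained from others deserve the same scrutiny as any other input that chooses a program on the PATH. The last paragraph also mentions using `-e` together with `-i` for plugins that only generate an `IDENTITY`, but gives no example invocation, which would help since that combination is unusual.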
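Review bot: The decryption line in the new age-plugin-yubikey example (hunk at -244), `$ age -d -i age-yubikey-identity-388178f3.txt secrets.txt.age`, has no output redirection, so as written the decrypted contents of secrets.txt go to standard output. The SSH example just above it in the context lines ends with `> example.jpg`; for consistency, and to avoid showing a command that prints secrets to the terminal, I would end this one with `> secrets.txt`. It would also help to say in the setup comment that the recipient and the identity file name used in the next two commands are the values produced by that setup step, so readers do not copy the sample `age1yubikey1...` recipient and `age-yubikey-identity-388178f3.txt` name verbatim.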