diff --git a/howto/git.md b/howto/git.md
index 8644dda5ac4c9d5182d320e3257e51719c8b3a20..65c1fa1563f34c4618dbe4f062aec59812444660 100644
--- a/howto/git.md
+++ b/howto/git.md
@@ -566,35 +566,42 @@ This procedure is kept for historical purposes only.
 
 If a repository is, for some reason (typically security), not hosted
 on GitLab, it can still be mirrored there. A typical example is the
-Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)). To mirror the repository, you
-need (make sure to run this as the user which hosts the repository,
-typically `git`):
+Puppet repository (see [TPA-RFC-76](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow)). 
 
- 1. create the repository in GitLab, possibly private itself (but
-    sometimes it's fine if it's public as well)
+The following instructions assume you are mirroring a *private
+repository* from a host (`alberti.torproject.org` in this case) where
+users typically push in a sandbox user (`git` in this case). We also
+assume you have a local clone of the repository you can operate from.
 
- 1. add the GitLab remote on the private repository:
+ 1. Create the repository in GitLab, possibly private itself, this can
+    be done by adding a remote and pushing *from the local clone*:
+        
+        git remote add gitlab ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
+        git push gitlab --mirror
+
+ 1. Add the GitLab remote on the *private repository* (in this case on
+    `alberti`, running as `git`:
 
         git remote add origin ssh://git@gitlab.torproject.org/tpo/tpa/account-keyring.git
 
- 2. create a deploy key on the server:
+ 2. Create a deploy key on the server (again, as `git@alberti`):
 
         ssh-keygen -t ed25519
 
- 4. add the deploy key to the repository, in Settings, Repository,
-    Deploy keys, make sure it has write access, and name it after the
-    user on the mirrored host (e.g. `git@alberti.torproject.org` in
-    this case)
+ 4. Add the deploy key to the [GitLab repository](https://gitlab.torproject.org/tpo/tpa/account-keyring), in Settings,
+    Repository, Deploy keys, make sure it has write access, and name
+    it after the user on the mirrored host
+    (e.g. `git@alberti.torproject.org` in this case)
 
- 5. protect the branch, in Settings, Repository, Protected branches:
+ 5. Protect the branch, in Settings, Repository, Protected branches:
 
     - Allowed to merge: no one
     - Allowed to push and merge: no one, and add the deploy key
 
- 6. disable merge requests (in Settings, General) or set them to be
+ 6. Disable merge requests (in Settings, General) or set them to be
     "fast-forward only" (in Settings, Merge requests)
 
- 7. on the mirrored repository, add a `post-receive` hook like:
+ 7. On the mirrored repository, add a `post-receive` hook like:
 
 ```
 #!/bin/sh