diff --git a/bin/sekrit.1 b/bin/sekrit.1
index 4b72b4c..8218700 100644
--- a/bin/sekrit.1
+++ b/bin/sekrit.1
@@ -19,6 +19,7 @@
 .Sh SYNOPSIS
 .Nm
 .Cm add
+.Op Fl f
 .Ar key
 .Op Ar value ...
 .Nm
@@ -51,7 +52,7 @@ Because of this,
 can be used as an account credentials manager,
 or as a general-purpose key-value store of encrypted information.
 .Bl -tag -width Ds
-.It Nm Cm add Ar key Op Ar value ...
+.It Nm Cm add Oo Fl f Oc Ar key Op Ar value ...
 Adds a value to
 .Ar key .
 .Ar value
@@ -64,7 +65,9 @@ will read the value from standard input.
 .Cm add
 will fail if
 .Ar key
-already has a value.
+already has a value, unless
+.Fl f
+is specified.
 .It Nm Cm cp Oo Fl k Oc Ar key
 Decrypts the value associated with
 .Ar key
diff --git a/bin/sekrit.sh b/bin/sekrit.sh
index a607ab1..f1960f9 100644
--- a/bin/sekrit.sh
+++ b/bin/sekrit.sh
@@ -29,7 +29,7 @@ usage()
 {
 	cat - <<. >&2
 Usage:
-	${0##*/} add key [value ...]
+	${0##*/} add [-f] key [value ...]
 	${0##*/} cp [-k] key
 	${0##*/} gen [-l length] [chars]
 	${0##*/} get key
@@ -63,6 +63,18 @@ to_number()
 
 sekrit_add()
 {
+	force=no
+	OPTIND=1
+	while getopts f flag; do
+		case "$flag" in
+		k)	force=yes
+			;;
+		*)	usage
+			;;
+		esac
+	done
+	shift $((OPTIND - 1))
+
 	[ $# -ge 1 ] && [ -n "$1" ] || usage
 	key=$1
 	check_key "$key"
@@ -71,14 +83,14 @@ sekrit_add()
 	f=$SEKRIT_DIR/$key.gpg
 	mkdir -p "${f%/*}"
 
-	[ -f "$f" ] && err "key $key already exists"
+	[ -f "$f" ] && [ $force = no ] && err "key $key already exists"
 
 	if [ $# -gt 0 ]; then
 		# use all additional parameters as a single string
 		printf "%s\n" "$*"
 	else
 		cat -
-	fi | gpg2 -qae -r "$SEKRIT_GPG_ID" >"$f"
+	fi | gpg2 -qae -r "$SEKRIT_GPG_ID" >|"$f"
 	# make it read-only
 	chmod -- 400 "$f"
 }