diff --git a/docs/use-tf-controller/with-a-custom-backend.md b/docs/use-tf-controller/with-a-custom-backend.md
index 0d9917f3..7be27d79 100644
--- a/docs/use-tf-controller/with-a-custom-backend.md
+++ b/docs/use-tf-controller/with-a-custom-backend.md
@@ -39,10 +39,56 @@ spec:
       image: registry.io/tf-runner:xyz
 ```
 
-To add fields from secrets or configMaps, use `-backend-config` arguments of the `init` command to set the values:
+To add fields from secrets or configMaps, use `backendConfigsFrom`, for example to add `access_key` and `secret_key` from a secret:
 
-```
-terraform init \
-  -backend-config="access_key=<your access key>" \
-  -backend-config="secret_key=<your secret key>"
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: terraform-s3-backend
+  namespace: flux-system
+type: Opaque
+data:
+  access_key: <base64 encoded key>
+  secret_key: <base64 encoded key>
+
+---
+
+apiVersion: infra.contrib.fluxcd.io/v1alpha2
+kind: Terraform
+metadata:
+  name: helloworld
+  namespace: flux-system
+spec:
+  approvePlan: auto
+  backendConfig:
+    customConfiguration: |
+      backend "s3" {
+        bucket                      = "s3-terraform-state1"
+        key                         = "dev/terraform.tfstate"
+        region                      = "us-east-1"
+        endpoint                    = "http://localhost:4566"
+        skip_credentials_validation = true
+        skip_metadata_api_check     = true
+        force_path_style            = true
+        dynamodb_table              = "terraformlock"
+        dynamodb_endpoint           = "http://localhost:4566"
+        encrypt                     = true
+      }
+  backendConfigsFrom:
+    - kind: Secret
+      name: terraform-s3-backend
+      keys:
+      - access_key
+      - secret_key
+      optional: false
+  interval: 1m
+  path: ./
+  sourceRef:
+    kind: GitRepository
+    name: helloworld
+    namespace: flux-system
+  runnerPodTemplate:
+    spec:
+      image: registry.io/tf-runner:xyz
 ```