diff --git a/docs/buildsys/koji-cbs-sigs.md b/docs/buildsys/koji-cbs-sigs.md
index c1cc9fe..b7e5ae9 100644
--- a/docs/buildsys/koji-cbs-sigs.md
+++ b/docs/buildsys/koji-cbs-sigs.md
@@ -160,3 +160,61 @@ Last step is to then play the [stylo](https://github.com/centos/ansible-role-sty
 
 
 ## Koji tags creation
+
+CBS uses a specific naming convention for the koji tags that will be created.
+It's important that we follow that specific convention because the signing/pushing automated process parses the tags to know which gpg SIG key to use, and where to push content that will appear on the mirror network.
+
+Tag structure:
+
+ * SIG name
+ * CentOS Linux/Stream release (abbreviated)
+ * SIG project
+ * SIG project release
+ * tag level that can be either `candidate` , `testing` or `release`
+
+What's the influence of the `tag level` mentioned above ? 
+   * candidate : ignored by signing service, build stays in koji, used to validate build itself or just internal unit-test happening through ci.centos.org for SIGs doing their tests in that environment
+   * testing : processed by signing service but packages aren't signed, and just land on https://buildlogs.centos.org CDN, so just to have publicly available pkgs that can be promoted to `release` by SIG later
+   * release : processed by signing service : packages are gpg signed with SIG key, and content appear on the mirror CDN and can be consummed by all
+
+To create tags, we have in place a tool that is maintained through ansible-role-kojihub and distributed on the kojihub node itself.
+That means that to be able to use it, you need to have local shell access and kick the following commands as the `koji` user , *or* eventually have admin rights and kick the tool from outside 
+
+```bash
+/opt/cbs-tools/scripts/create_sig.sh 
+usage: /opt/cbs-tools/scripts/create_sig.sh -d <distribution> -s <signame(s)> -t <tag(s)>
+
+This script generate new build target in koji for SIGS.
+
+OPTIONS:
+   -a   ARCHES                   : Force arches e.g : "x86_64","aarch64 i686", etc...
+   -b                            : Enable non public bootstrap repo (SCLO SIG only)
+   -c   COLLECTION               : Enable collection in the buildroot e.g : mariadb100
+   -d   DISTRIBUTION             : 5 6 7 8 8s
+   -p   SIG PROJECT NAME         : cloud6-<openstack>, sclo-<mariadb100>, etc...
+   -r   SIG PROJECT RELEASE NAME : cloud6-openstack-<juno>
+   -s   SIG NAME                 : cloud
+   -t   DISTTAGS                 : el7 el7.centos el8_0 el8s
+   -x                            : delete old -build tag and then recreate.
+```
+
+Let's use the Kmods SIG again as an example : 
+
+```
+/opt/cbs-tools/scripts/create_sig.sh -a "x86_64" -s kmods -d 8s -p packages -r main -t el8
+* Checking distribution el8s configuration...
+ -> Checking kmods config...
+Creating user : kmods
+Using default options for kmods/packages
+Creating tag  : kmods8s-packages-main-candidate
+Creating tag  : kmods8s-packages-main-testing
+Creating tag  : kmods8s-packages-main-release
+ -> creating kmods8s-packages-main-el8
+Added external repo centos8s-cr to tag kmods8s-packages-main-el8-build (priority 5)
+Added external repo centos8s-extras to tag kmods8s-packages-main-el8-build (priority 10)
+Added external repo centos8s-powertools to tag kmods8s-packages-main-el8-build (priority 15)
+Added external repo centos8s-appstream to tag kmods8s-packages-main-el8-build (priority 20)
+Added external repo centos8s-baseos to tag kmods8s-packages-main-el8-build (priority 25)
+
+```
+