diff --git a/samples/knot.full.conf b/samples/knot.full.conf
index 4a46af41164ca6baf884ebad8ff00a87003137a5..dd611b17360ffc011bd4720e11388ffd400f27ad 100644
--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -88,25 +88,31 @@ system {
   rate-limit-slip 2;
 }
 
-# Section 'keys' contains list of TSIG keys
-keys {
+# Includes can be placed anywhere at any level in the configuration file. The
+# file name can be relative to current file or absolute.
+#
+# This include includes keys which are commented out in next section.
+include "knot.keys.conf";
 
-  # TSIG key
-  #
-  # format: name key-type "<key>";
-  # where key-type may be one of the following:
-  #   hmac-md5
-  #   hmac-sha1
-  #   hmac-sha224
-  #   hmac-sha256
-  #   hmac-sha384
-  #   hmac-sha512
-  # and <key> is the private key
-  key0.server0 hmac-md5 "Wg==";
-
-  # TSIG key for zone
-  key0.example.com hmac-md5 "==gW";
-}
+# Section 'keys' contains list of TSIG keys
+#keys {
+#
+#  # TSIG key
+#  #
+#  # format: name key-type "<key>";
+#  # where key-type may be one of the following:
+#  #   hmac-md5
+#  #   hmac-sha1
+#  #   hmac-sha224
+#  #   hmac-sha256
+#  #   hmac-sha384
+#  #   hmac-sha512
+#  # and <key> is the private key
+#  key0.server0 hmac-md5 "Wg==";
+#
+#  # TSIG key for zone
+#  key0.example.com hmac-md5 "==gW";
+#}
 
 # Section 'interfaces' contains definitions of listening interfaces.
 interfaces {
diff --git a/samples/knot.keys.conf b/samples/knot.keys.conf
new file mode 100644
index 0000000000000000000000000000000000000000..5911a08822ea6bf87e916ad0fe7361566b665d48
--- /dev/null
+++ b/samples/knot.keys.conf
@@ -0,0 +1,10 @@
+#
+# knot.keys.conf
+#
+# This is a sample configuration file which is included from 'knot.full.conf'.
+#
+
+keys {
+  key0.server0 hmac-md5 "Wg==";
+  key0.example.com hmac-md5 "==gW";
+}