diff --git a/CHANGELOG.md b/CHANGELOG.md
index f0ff49b..b92aff8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.0.2] - 2022-05-14
+
+### Added
+
+- Add `--user` options to force it to secure/undo a specific user rather than the entire `KUBECONFIG`
+
 ## [0.0.1] - 2022-05-12
 
 ### Added
diff --git a/cmd/secure.go b/cmd/secure.go
index 6459111..370f409 100644
--- a/cmd/secure.go
+++ b/cmd/secure.go
@@ -37,6 +37,7 @@ func FileExists(filename string) (bool, error) {
 
 func init() {
 	secureCmd.Flags().StringP("kubeconfig", "c", "", "Kubeconfig path")
+	secureCmd.Flags().StringP("user", "u", "", "Secure specific user instead of all")
 
 	rootCmd.AddCommand(secureCmd)
 }
@@ -53,7 +54,20 @@ var secureCmd = &cobra.Command{
 			log.Fatal(err)
 		}
 
+		specificUser, err := cmd.Flags().GetString("user")
+		if err != nil {
+			log.Fatal(err)
+		}
+		if specificUser != "" {
+			fmt.Printf("Looking up for a specific user %s\n", specificUser)
+		}
+
 		for name, user := range cfg.AuthInfos {
+			if specificUser != "" && specificUser != name {
+				fmt.Printf("Skip user %s: not a %s\n", name, specificUser)
+				continue
+			}
+
 			if len(user.ClientCertificateData) == 0 && len(user.ClientKeyData) == 0 && user.Username == "" && user.Password == "" {
 				fmt.Printf("Skip user %s: nothing to secure\n", name)
 				continue
diff --git a/cmd/undo.go b/cmd/undo.go
index 93866d2..2161161 100644
--- a/cmd/undo.go
+++ b/cmd/undo.go
@@ -15,6 +15,7 @@ import (
 
 func init() {
 	undoCmd.Flags().StringP("kubeconfig", "c", "", "Kubeconfig path")
+	undoCmd.Flags().StringP("user", "u", "", "Secure specific user instead of all")
 
 	rootCmd.AddCommand(undoCmd)
 }
@@ -31,7 +32,20 @@ var undoCmd = &cobra.Command{
 			log.Fatal(err)
 		}
 
+		specificUser, err := cmd.Flags().GetString("user")
+		if err != nil {
+			log.Fatal(err)
+		}
+		if specificUser != "" {
+			fmt.Printf("Looking up for a specific user %s\n", specificUser)
+		}
+
 		for name, user := range cfg.AuthInfos {
+			if specificUser != "" && specificUser != name {
+				fmt.Printf("Skip user %s: not a %s\n", name, specificUser)
+				continue
+			}
+
 			fmt.Printf("Found user: %s\n", name)
 
 			if user.Exec == nil || !strings.HasSuffix(user.Exec.Command, executable) {