diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 7a7776c..b59d709 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -197,6 +197,13 @@ Key attributes, such as capabilities (like *signing* or *encryption*) and expira It is crucial to note that the components of an OpenPGP certificate remain static after their creation. The use of signatures to store metadata allows for subsequent modifications without altering the original components. For instance, a certificate holder can update the expiration time of a component by issuing a new, superseding signature. +```{figure} diag/Primary_key_metadata.png +:name: fig-primary-metadata +:alt: Depicts a direct key signature, associated with a primary component key. + +Metadata can be associated with the primary key using a *direct key signature* +``` + ### Defining operational capabilities of component keys with key flags Each component key has a set of ["key flags"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#key-flags) that delineate the operations a key can perform.
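Review bot: The caption of the added figure says "primary key" while its `:alt:` text says "primary component key"; use one term in both, matching the rest of the chapter, so readers do not take them for two different things. The caption is also the first place in the visible context where *direct key signature* appears: the paragraph just above speaks only of "signatures" in general and never points to `fig-primary-metadata`, so a one-sentence lead-in before the figure that names this signature type and refers to the figure would tie it to the text. Minor: the caption has no closing period, while the alt text does.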