diff --git a/README.md b/README.md
index 48be3a3d97a0cd67fa3b484ddbd26e24d7090d43..437f61d7e0c278cb5da1044738a6760c2947d10f 100644
--- a/README.md
+++ b/README.md
@@ -37,8 +37,8 @@ The user can now ssh to the production machine, and continue to ssh to any machi
 
 # Usage
 Cashier comes in two parts, a [cli](cmd/cashier) and a [server](cmd/cashierd).
-The client is configured using either a [HCL](https://github.com/hashicorp/hcl) configuration file - [example](example-client.cfg) - or command-line flags.
-The server is configured using a JSON configuration file - [example](example-server.json).
+The client is configured using either a [HCL](https://github.com/hashicorp/hcl) configuration file - [example](example-client.conf) - or command-line flags.
+The server is configured using a HCL configuration file - [example](example-server.conf).
 
 For the server you need the following:
 - A new ssh private key. Generate one in the usual way using `ssh-keygen -f ssh_ca` - this is your CA signing key. At this time Cashier supports RSA, ECDSA and Ed25519 keys. *Important* This key should be kept safe - *ANY* ssh key signed with this key will be able to access your machines.
@@ -50,11 +50,11 @@ For the server you need the following:
 ```
 go get github.com/cashier/cmd/...
 ```
-2. Create a signing key with `ssh-keygen` and a [config.json](example-server.json)
+2. Create a signing key with `ssh-keygen` and a [cashierd.conf](example-server.conf)
 3. Run the cashier server with `cashierd` and the cli with `cashier`.
 
 ## Using docker
-1. Create a signing key with `ssh-keygen` and a [config.json](example-server.json)
+1. Create a signing key with `ssh-keygen` and a [cashierd.conf](example-server.conf)
 2. Run
 ```
 docker run -it --rm -p 10000:10000 --name cashier -v $(pwd):/cashier nsheridan/cashier
diff --git a/example-client.cfg b/example-client.conf
similarity index 100%
rename from example-client.cfg
rename to example-client.conf
diff --git a/example-server.conf b/example-server.conf
new file mode 100644
index 0000000000000000000000000000000000000000..94c6b69be61ca9ff0ba1bd16c092838d3685ef4e
--- /dev/null
+++ b/example-server.conf
@@ -0,0 +1,24 @@
+server {
+  use_tls = true  # Optional. If this is set then `tls_key` and `tls_cert` must be set
+  tls_key = "server.key"  # Path to TLS key
+  tls_cert = "server.crt"  # Path to TLS certificate
+  port = 443  # Port to listen on
+  cookie_secret = "supersecret"  # Authentication key for the client cookie
+}
+
+auth {
+  provider = "google"  # Oauth provider to use
+  oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com"  # Oauth client ID
+  oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy"  # Oauth client secret
+  oauth_callback_url = "https://sshca.example.com/auth/callback"  # Oauth callback url
+  provider_opts {
+    domain = "example.com"  # Oauth-provider specific options
+  }
+}
+
+ssh {
+  signing_key = "signing_key"  # Path to the CA signing secret key
+  additional_principals = ["ec2-user", "ubuntu"]  # Additional principals to allow
+  max_age = "720h"  # Maximum lifetime of a ssh certificate
+  permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"]  #  Permissions associated with a certificate.
+}
diff --git a/example-server.json b/example-server.json
deleted file mode 100644
index 1ac84f27c60a68bfbee061a4b018b0f5f99b1473..0000000000000000000000000000000000000000
--- a/example-server.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  "server": {
-    "use_tls": true,
-    "tls_key": "server.key",
-    "tls_cert": "server.crt",
-    "port": 443,
-    "cookie_secret": "supersecret"
-  },
-  "auth": {
-    "provider": "google",
-    "oauth_client_id": "nnnnnnnnnnnnnnnn.apps.googleusercontent.com",
-    "oauth_client_secret": "yyyyyyyyyyyyyyyyyyyyyy",
-    "oauth_callback_url": "https://sshca.example.com/auth/callback",
-    "provider_opts": {
-      "domain": "example.com"
-    }
-  },
-  "ssh": {
-    "signing_key": "signing_key",
-    "additional_principals": ["ec2-user", "ubuntu"],
-    "max_age": "720h",
-    "permissions": ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"]
-  }
-}