From 6c4cffad2c18bb0f90448243c1c5b984f1e93452 Mon Sep 17 00:00:00 2001
From: Leo Q <LeoQuote@users.noreply.github.com>
Date: Thu, 11 Apr 2024 19:18:58 +0800
Subject: [PATCH] update readme

---
 charts/dify/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/charts/dify/README.md b/charts/dify/README.md
index 68e06d8..fbf7f54 100644
--- a/charts/dify/README.md
+++ b/charts/dify/README.md
@@ -48,6 +48,22 @@ The minimal configure provided above is sufficient for experiment but **without
 You **must do**  the following extra work before put it into production!!
 
 
+### Protect Sensitive info with secret
+Environment variable like `SECRET_KEY` could be harmful if leaked, it is adviced to protect them using secret or csi volume.
+
+The example of using secret is like 
+```
+global:
+  extraBackendEnvs:
+  - name: SECRET_KEY
+    valueFrom:
+      secretKeyRef:
+        name: dify
+        key: SECRET_KEY
+```
+
+Read more: https://kubernetes.io/docs/concepts/security/secrets-good-practices/
+
 ### External postgresql
 
 1. set the `postgresql.embedded` to `false`