From 0354dd43e2e4d2acd81fe536b0ab518891d47265 Mon Sep 17 00:00:00 2001 From: Andrew Plummer Date: Wed, 26 Feb 2020 22:54:23 +0000 Subject: [PATCH] Usage documentation --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index c6e25bc..0d9f5ff 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,33 @@ # sops-secretsmanager-cdk Safely load secrets from sops into secretsmanager using the CDK + +## Usage + +```typescript +import { SopsSecretsManager } from 'sops-secretsmanager-cdk'; +... +new SopsSecretsManager(this, 'StoreSecrets', { + asset: new s3Assets.Asset(this, 'SopsAsset', { + path: './path/to/secretsfile.yaml', + }), + kmsKey: myKey, // or use kms.Key.fromKeyArn + secretName: 'TestSecret', // or secret: mySecret + mappings: { + nameInSecretsManager: { + path: ['path', 'to', 'value', 'in', 'secretsfile'], + // optionally pass encoding: 'json' to pass a portion of the secrets file + }, + anotherThingInSecretsManager: { + path: ['other', 'path'], + }, + // etc + }, +}); +``` + +## Implementation + +Using the CDK's custom resource mini-framework, the sops secrets file +is uploaded to S3 as an asset _as is_, still encoded. The custom +resource Lambda then decodes the secrets (in memory, never on disk) +and puts them into the SecretsManager secret.
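Review bot: In the Usage example, `s3Assets`, `kms` and `myKey` are used but only `SopsSecretsManager` is imported, so the snippet cannot be pasted as is; add the imports for the S3 assets and KMS modules, or a comment saying where those names come from. The inline comments `// or secret: mySecret` and `// optionally pass encoding: 'json'` introduce options without saying whether `secretName` and `secret` are mutually exclusive or what the default encoding is; a short options list under Usage would cover that. In the Implementation section, "still encoded" and "decodes" read as if the sops file were only encoded; since the construct takes a `kmsKey`, "encrypted" and "decrypts" would be more precise, and it is worth stating whether the construct grants the custom resource Lambda decrypt on that key or the caller has to.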