update readme for enabling ip restrictions

lsymds · May 14, 2024 · c64c6ec · c64c6ec
1 parent 45d6468
commit c64c6ec
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -119,3 +119,7 @@ directory.
 - `SHAREASECRET_BASE_URL` - the base URL that shareasecret will be running under i.e. `https://secret.mycompany.example`
 - `SHAREASECRET_LISTENING_ADDR` - the address (including port) that the server will listen on. Defaults to
   `127.0.0.1:8994`.
+- `SHAREASECRET_SECRET_CREATION_IP_RESTRICTIONS` - a string containing a comma separated list of IP addresses (v4 or v6)
+  that are permitted to create secrets. Leaving this empty or not specifying it (the default) will result in an instance
+  where anyone can create secrets. Requesting IP addresses are sourced from the `X-Forwarded-For` header. If you need to
+  customise this (i.e. to use Cloudflare's `CF-Connecting-IP` instead), use a reverse proxy such as Caddy or Nginx.