From c64c6ec4beae85355d56a6a03e76f829698cb9cb Mon Sep 17 00:00:00 2001
From: Liam Symonds <47109131+lsymds@users.noreply.github.com>
Date: Tue, 14 May 2024 21:10:49 +0100
Subject: [PATCH] update readme for enabling ip restrictions

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 04ee566..af428b9 100644
--- a/README.md
+++ b/README.md
@@ -119,3 +119,7 @@ directory.
 - `SHAREASECRET_BASE_URL` - the base URL that shareasecret will be running under i.e. `https://secret.mycompany.example`
 - `SHAREASECRET_LISTENING_ADDR` - the address (including port) that the server will listen on. Defaults to
   `127.0.0.1:8994`.
+- `SHAREASECRET_SECRET_CREATION_IP_RESTRICTIONS` - a string containing a comma separated list of IP addresses (v4 or v6)
+  that are permitted to create secrets. Leaving this empty or not specifying it (the default) will result in an instance
+  where anyone can create secrets. Requesting IP addresses are sourced from the `X-Forwarded-For` header. If you need to
+  customise this (i.e. to use Cloudflare's `CF-Connecting-IP` instead), use a reverse proxy such as Caddy or Nginx.