README: add secret management policy note

2026-02-12 08:45:00 +00:00 · 2026-02-12 08:45:00 +00:00 · c6641200da
commit c6641200da
parent ece754e107
1 changed files with 6 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -24,3 +24,9 @@ Secrets are managed via HashiCorp Vault at `https://vault.nexus.local`.
 - bash >= 5.0
 - curl, rsync, awscli v2
 - Vault CLI (for secret retrieval)
+
+## Secret management
+
+Use the company Vault at `https://vault.nexus.local` for all secrets.
+**Never commit credentials to version control.**
+See `lib/vault.sh` for runtime secret retrieval.