From c3829d4ae653f2d2903aaff7dd18871147553e1f Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Mon, 14 Jun 2021 12:58:16 -0700 Subject: [PATCH] README.md: Add rules --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 174a52a..4454b96 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,11 @@ Secret providers may implement additional protections via: ## Usage +#### Rules: +1. Secrets are only available within a readonly or readwrite block +2. Secrets are not thread safe except for the provided `Bytes` (only when reading) within a single readonly or readwrite block + + ```crystal require "crypto-secret/not" @@ -48,6 +53,16 @@ secret.wipe do end # secret is erased ``` +#### Breaking the rules: + +If you need thread safety : +1. Switch to a Stateless Secret +2. Or switch the Secret's state to readonly or readwrite after construction and never switch it again. [sodium.cr]() makes use of this technique to provide thread safe encryption/decryption +3. Or wrap all access in a Mutex + +If you need more better performance: +* Consider 1. or 2. + ## What is a Secret? Secrets are Keys
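Review bot: Rule 2 in the first hunk (@@ -32,6 +32,11 @@) packs a prohibition and its exception into one sentence, and it is unclear whether "(only when reading)" limits the `Bytes` exception or the whole rule. If the intent is that only concurrent reads of the `Bytes` inside one block are safe, split it into two sentences: one stating that Secrets are not thread safe, one stating the exception. Rule 1 should also say what happens when a secret is accessed outside a readonly or readwrite block (an exception, or undefined behaviour), since that is what a caller needs to know. The hunk also adds two blank lines before the code fence where one is enough.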
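Review bot: In the second hunk (@@ -48,6 +53,16 @@), item 2 links `[sodium.cr]()` with an empty target, so the README renders a dead link; fill in the URL or drop the link markup. Item 2 also leaves the secret in readonly or readwrite for its whole lifetime, which is the opposite of rule 1's block-scoped access, so the text should state what protection is given up in exchange for thread safety. Item 3 (a Mutex around all access) does not break either rule and may belong under the rules rather than under "Breaking the rules". Wording: "more better performance" should be "better performance", "If you need thread safety :" has a stray space before the colon, and "Consider 1. or 2." depends on the numbering of a separate list, so name the two options instead.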