readme updates

2023-04-03 11:23:53 +10:00
parent 45ad4f6ff1
commit 4650845d2f


@@ -2,8 +2,6 @@
## Overview
Design concepts at https://wiki.coadcorp.com/doc/secrets-management-idea-VGJMey7Wnd
Provide REST API for CRUD to store and retrieve user/password data for logging into devices. Only password is encrypted, via AES256 GCM. Values stored in sqlite database.
Requires JWT token to store/retrieve passwords.
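Review bot: the Overview states that only the password field is AES-256-GCM encrypted, so the username, device and any other stored fields are kept unencrypted in the sqlite file; say so explicitly here, and document where the GCM nonce comes from and whether the unencrypted fields are bound to the ciphertext as associated data, otherwise a reader cannot tell what the encryption actually protects. The JWT sentence should also say which request header or field carries the token.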
@@ -30,6 +28,8 @@ This isn't super secure, probably not even as secure as Hashicorp Vault running
| INITIAL_PASSWORD | Password to set for builtin Administrator account created when first started, can remove this value after first start. Can specify in plaintext or bcrypt hash | $2a$10$s39a82wrRAdOJVZEkkrSReVnXprz5mxU30ZBO.dHPYTncQCsUD9ce | password
| SECRETS_KEY | Key to use for AES256 GCM encryption. Must be exactly 32 bytes | AES256Key-32Characters1234567890 | No default specified, must define this value |
If the TLS certificate and key files cannot be located in the specified location, a self signed certificate will be generated with a 1 year validity period.
## Systemd script
Create/update the systemd service definition at /etc/systemd/system/ccsecrets.service and then run systemctl daemon-reload
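Review bot: the INITIAL_PASSWORD row documents a default of `password` for the built-in Administrator account, which means a deployment that omits the variable starts with a guessable admin credential; make it required with no default, as the SECRETS_KEY row already does ("No default specified, must define this value"). The SECRETS_KEY example `AES256Key-32Characters1234567890` is a memorable string rather than a random key and will be copied as-is, so replace it with an obvious placeholder and state that the value must be 32 bytes drawn from a cryptographically secure random source. Minor: the INITIAL_PASSWORD row is missing the closing `|` that the SECRETS_KEY row has.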
@@ -65,7 +65,7 @@ Data
}
```
This operation can only be performed by a user with a role that is admin enabled.
This operation can only be performed by a user with a role that is admin enabled. There are 3 built in roles, which can be viewed via the `/api/admin/roles` endpoint.
#### Login
POST `/api/login`
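Review bot: the added sentence says there are 3 built-in roles but does not name them or say which of them is admin enabled; list the role names here (or link to where they are defined) so an operator can tell which role grants access to this operation without first calling `/api/admin/roles`.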
@@ -78,6 +78,8 @@ Data
}
```
This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value.
### Secrets Operations
#### Store
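Review bot: "must be present" does not say how the JWT is presented on subsequent calls; document the header and scheme the server expects. The TOKEN_HOUR_LIFESPAN sentence should state the unit (the name implies hours) and the default, and this section should say whether a token can be invalidated before it expires, since the text currently implies a token stays valid for its whole lifespan regardless of later password or role changes.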