From ffb01f623b08153f3f5818a2278aceb10dd570ff Mon Sep 17 00:00:00 2001
From: Silvio Moioli <silvio@moioli.net>
Date: Fri, 30 Aug 2024 16:38:56 +0200
Subject: [PATCH] README: SQLite specify encryption limitations

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index d5764b0f..b8757c18 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,14 @@ Steve is used with SQLite caching of resources, which is configured when
 calling `server.New` via the `server.Options.SQLCache` boolean option.
 Meaning and behavior are the same unless otherwise specified.
 
+Note that, if SQLite caching of resources is enabled, some of the data
+is encrypted at rest. In particular:
+ - by default, Secrets are encrypted
+ - if the environment variable `CATTLE_ENCRYPT_CACHE_ALL` is set to "true",
+all resources are encrypted
+ - regardless of the setting, any filterable/sortable columns are stored
+in plain text (see `filter` below for the exact list)
+
 #### `limit`
 
 **If SQLite caching is disabled** (`server.Options.SQLCache=false`),