Add security notice to README

hashicorp · May 11, 2021 · d1f101f · d1f101f
1 parent e7291a4
commit d1f101f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,5 +1,9 @@
 # Vault + Kubernetes (vault-k8s)
 
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If 
+you believe you have found a security issue in Vault K8s, _please responsibly disclose_ 
+by contacting us at [[email protected]](mailto:[email protected]).
+
 The `vault-k8s` binary includes first-class integrations between Vault and
 Kubernetes.  Currently the only integration in this repository is the 
 Vault Agent Sidecar Injector (`agent-inject`).  In the future more integrations 
@@ -33,4 +37,4 @@ without forcing Vault users to do a full Vault upgrade.
 
   * A Docker image [`hashicorp/vault-k8s`](https://hub.docker.com/r/hashicorp/vault-k8s) is available. This can be used to manually run `vault-k8s` within a scheduled environment.
 
-  * Raw binaries are available in the [HashiCorp releases directory](https://releases.hashicorp.com/vault-k8s/). These can be used to run vault-k8s directly or build custom packages.
+  * Raw binaries are available in the [HashiCorp releases directory](https://releases.hashicorp.com/vault-k8s/). These can be used to run vault-k8s directly or build custom packages.